CVE-2015-7204
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 16 Dec 2015, 11:00
Last modified:06 Aug 2024, 07:43
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
6.8 MEDIUM
v2.0 (nvd)
EPSS Score
1.72% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Dec 2015, 11:00
Published
Vulnerability first disclosed
06 Aug 2024, 07:43
Last Modified
Vulnerability information updated
Description
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 1.72%• Percentile: 83%
Techniques & Countermeasures
- CWE-17•DEPRECATED: Code
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Affected Systems
- fedoraproject•fedora
22 | 23
- mozilla•firefox
≤ 42.0 | 41.0 | 41.0.1 | 41.0.2
- opensuse•leap
42.1
- opensuse•opensuse
13.1 | 13.2
References (11)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1216130
- https://security.gentoo.org/glsa/201512-10
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
- http://www.ubuntu.com/usn/USN-2833-1
- http://www.securityfocus.com/bid/79280
- http://www.mozilla.org/security/announce/2015/mfsa2015-135.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
- http://www.securitytracker.com/id/1034426