[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-2702-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":82,"duplicates":83,"related":84,"reserved_at":9,"published_at":102,"modified_at":103,"state":9,"summary":104,"references_raw":106,"kevs":182,"epss":9,"epss_history":183,"metrics":184,"affected":185},"USN-2702-1","firefox vulnerabilities\n\nGary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,\nChris Coulson, and Eric Rahm discovered multiple memory safety issues in\nFirefox. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nobtain sensitive information, cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-4477)\n\nAndré Bargull discovered that non-configurable properties on javascript\nobjects could be redefined when parsing JSON. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass same-origin restrictions. 
(CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jylänki discovered a crash that occurs because javascript does not\nproperly gate access to Atomics or SharedArrayBuffers in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding\nmalformed WebM content in some circumstances. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Firefox. (CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation\nof Content Security Policy (CSP), which could allow for a more permissive\nusage in some circumstances. An attacker could potentially exploit this\nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. 
If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with\nshared workers in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2015-4492)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80],{"_key":15},"CVE-2015-4473",{"_key":17},"CVE-2015-4474",{"_key":19},"CVE-2015-4475",{"_key":21},"CVE-2015-4477",{"_key":23},"CVE-2015-4478",{"_key":25},"CVE-2015-4479",{"_key":27},"CVE-2015-4480",{"_key":29},"CVE-2015-4484",{"_key":31},"CVE-2015-4485",{"_key":33},"CVE-2015-4486",{"_key":35},"CVE-2015-4487",{"_key":37},"CVE-2015-4488",{"_key":39},"CVE-2015-4489",{"_key":41},"CVE-2015-4490",{"_key":43},"CVE-2015-4491",{"_key":45},"CVE-2015-4492",{"_key":47},"CVE-2015-4493",{"_key":49},"UBUNTU-CVE-2015-4473",{"_key":51},"UBUNTU-CVE-2015-4474",{"_key":53},"UBUNTU-CVE-2015-4475",{"_key":55},"UBUNTU-CVE-2015-4477",{"_key":57},"UBUNTU-CVE-2015-4478",{"_key":59},"UBUNTU-CVE-2015-4479",{"_key":61},"UBUNTU-CVE-2015-4480",{"_key":63},"UBUNTU-CVE-2015-4484",{"_key":65},"UBUNTU-CVE-2015-4485",{"_key":67},"UBUNTU-CVE-2015-4486",{"_key":69},"UBUNTU-CVE-2015-4487",{"_key":71},"UBUNTU-CVE-2015-4488",{"_key":73},"UBUNTU-CVE-2015-4489",{"_key":75},"UBUNTU-CVE-2015-4490",{"_key":77},"UBUNTU-CVE-2015-4491",{"_key":79},"UBUNTU-CVE-2015-4492",{"_key":81},"UBUNTU-CVE-2015-4493",[],[],[85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101],{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_
key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},"2015-08-11T18:34:39Z","2026-04-22T09:14:53.790261Z",{"cisa_kev":105,"cisa_ransomware":105,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[107,113,118,122,126,130,134,138,142,146,150,154,158,162,166,170,174,178],{"url":108,"sources":109,"tags":111},"https://ubuntu.com/security/notices/USN-2702-1",[110],"osv_ubuntu",[112],"Advisory",{"url":114,"sources":115,"tags":116},"https://ubuntu.com/security/CVE-2015-4473",[110],[117],"REPORT",{"url":119,"sources":120,"tags":121},"https://ubuntu.com/security/CVE-2015-4474",[110],[117],{"url":123,"sources":124,"tags":125},"https://ubuntu.com/security/CVE-2015-4475",[110],[117],{"url":127,"sources":128,"tags":129},"https://ubuntu.com/security/CVE-2015-4477",[110],[117],{"url":131,"sources":132,"tags":133},"https://ubuntu.com/security/CVE-2015-4478",[110],[117],{"url":135,"sources":136,"tags":137},"https://ubuntu.com/security/CVE-2015-4479",[110],[117],{"url":139,"sources":140,"tags":141},"https://ubuntu.com/security/CVE-2015-4480",[110],[117],{"url":143,"sources":144,"tags":145},"https://ubuntu.com/security/CVE-2015-4484",[110],[117],{"url":147,"sources":148,"tags":149},"https://ubuntu.com/security/CVE-2015-4485",[110],[117],{"url":151,"sources":152,"tags":153},"https://ubuntu.com/security/CVE-2015-4486",[110],[117],{"url":155,"sources":156,"tags":157},"https://ubuntu.com/security/CVE-2015-4487",[110],[117],{"url":159,"sources":160,"tags":161},"https://ubuntu.com/security/CVE-2015-4488",[110],[117],{"url":163,"sources":164,"tags":165},"https://ubuntu.com/security/CVE-2015-4489",[110],[117],{"url":167,"sources":168,"tags":169},"https://ubuntu.com/security/CVE-2015-4490",[110],[117],{"url":171,"sources":172,"tags":173},"https://ubuntu.com/security/CVE-2015-4491",[110],[117],{"url":175,"sources":176,"tags":177},"https://ubuntu.com/se
curity/CVE-2015-4492",[110],[117],{"url":179,"sources":180,"tags":181},"https://ubuntu.com/security/CVE-2015-4493",[110],[117],[],[],[],[186],{"ecosystem":187,"name":188,"vendor":189,"product":188,"cpe_part":9,"purl_type":190,"purl_namespace":189,"purl_name":188,"source":9,"versions":191},"Ubuntu","firefox","ubuntu","deb",[192],{"version":193,"is_range":194,"range_type":195,"version_start":9,"version_start_type":9,"version_end":196,"version_end_type":197,"fixed_in":9},"lt40_0+build4_0ubuntu0_14_04_1",true,"ecosystem","40.0+build4-0ubuntu0.14.04.1","excluding"]