[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-2743-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":98,"duplicates":99,"related":100,"reserved_at":9,"published_at":122,"modified_at":123,"state":9,"summary":124,"references_raw":126,"kevs":218,"epss":9,"epss_history":219,"metrics":220,"affected":221},"USN-2743-1","firefox vulnerabilities\n\nAndrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David\nMajor, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4500, CVE-2015-4501)\n\nAndré Bargull discovered that when a web page creates a scripted proxy\nfor the window with a handler defined a certain way, a reference to the\ninner window will be passed, rather than that of the outer window.\n(CVE-2015-4502)\n\nFelix Gröbert discovered an out-of-bounds read in the QCMS color\nmanagement library in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or obtain\nsensitive information. (CVE-2015-4504)\n\nKhalil Zhani discovered a buffer overflow when parsing VP9 content in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-4506)\n\nSpandan Veggalam discovered a crash while using the debugger API in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite whilst using the debugger, an attacker could potentially exploit\nthis to execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4507)\n\nJuho Nurminen discovered that the URL bar could display the wrong URL in\nreader mode in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nconduct URL spoofing attacks. (CVE-2015-4508)\n\nA use-after-free was discovered when manipulating HTML media content in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-4509)\n\nLooben Yang discovered a use-after-free when using a shared worker with\nIndexedDB in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2015-4510)\n\nFrancisco Alonso discovered an out-of-bounds read during 2D canvas\nrendering in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nobtain sensitive information. (CVE-2015-4512)\n\nJeff Walden discovered that changes could be made to immutable properties\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to execute\narbitrary script in a privileged scope. (CVE-2015-4516)\n\nRonald Crane reported multiple vulnerabilities. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174,\nCVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)\n\nMario Gomes discovered that dragging and dropping an image after a\nredirect exposes the redirected URL to scripts. An attacker could\npotentially exploit this to obtain sensitive information. (CVE-2015-4519)\n\nEhsan Akhgari discovered 2 issues with CORS preflight requests. An\nattacker could potentially exploit these to bypass CORS restrictions.\n(CVE-2015-4520)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":15},"CVE-2015-4500",{"_key":17},"CVE-2015-4501",{"_key":19},"CVE-2015-4502",{"_key":21},"CVE-2015-4504",{"_key":23},"CVE-2015-4506",{"_key":25},"CVE-2015-4507",{"_key":27},"CVE-2015-4508",{"_key":29},"CVE-2015-4509",{"_key":31},"CVE-2015-4510",{"_key":33},"CVE-2015-4512",{"_key":35},"CVE-2015-4516",{"_key":37},"CVE-2015-4517",{"_key":39},"CVE-2015-4519",{"_key":41},"CVE-2015-4520",{"_key":43},"CVE-2015-4521",{"_key":45},"CVE-2015-4522",{"_key":47},"CVE-2015-7174",{"_key":49},"CVE-2015-7175",{"_key":51},"CVE-2015-7176",{"_key":53},"CVE-2015-7177",{"_key":55},"CVE-2015-7180",{"_key":57},"UBUNTU-CVE-2015-4500",{"_key":59},"UBUNTU-CVE-2015-4501",{"_key":61},"UBUNTU-CVE-2015-4502",{"_key":63},"UBUNTU-CVE-2015-4504",{"_key":65},"UBUNTU-CVE-2015-4506",{"_key":67},"UBUNTU-CVE-2015-4507",{"_key":69},"UBUNTU-CVE-2015-4508",{"_key":71},"UBUNTU-CVE-2015-4509",{"_key":73},"UBUNTU-CVE-2015-4510",{"_key":75},"UBUNTU-CVE-2015-4512",{"_key":77},"UBUNTU-CVE-2015-4516",{"_key":79},"UBUNTU-CVE-2015-4517",{"_key":81},"UBUNTU-CVE-2015-4519",{"_key":83},"UBUNTU-CVE-2015-4520",{"_key":85},"UBUNTU-CVE-2015-4521",{"_key":87},"UBUNTU-CVE-2015-4522",{"_key":89},"UBUNTU-CVE-2015-7174",{"_key":91},"UBUNTU-CVE-2015-7175",{"_key":93},"UBUNTU-CVE-2015-7176",{"_key":95},"UBUNTU-CVE-2015-7177",{"_key":97},"UBUNTU-CVE-2015-7180",[],[],[101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121],{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},"2015-09-22T22:08:43Z","2026-04-22T09:16:54.107475Z",{"cisa_kev":125,"cisa_ransomware":125,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[127,133,138,142,146,150,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214],{"url":128,"sources":129,"tags":131},"https://ubuntu.com/security/notices/USN-2743-1",[130],"osv_ubuntu",[132],"Advisory",{"url":134,"sources":135,"tags":136},"https://ubuntu.com/security/CVE-2015-4500",[130],[137],"REPORT",{"url":139,"sources":140,"tags":141},"https://ubuntu.com/security/CVE-2015-4501",[130],[137],{"url":143,"sources":144,"tags":145},"https://ubuntu.com/security/CVE-2015-4502",[130],[137],{"url":147,"sources":148,"tags":149},"https://ubuntu.com/security/CVE-2015-4504",[130],[137],{"url":151,"sources":152,"tags":153},"https://ubuntu.com/security/CVE-2015-4506",[130],[137],{"url":155,"sources":156,"tags":157},"https://ubuntu.com/security/CVE-2015-4507",[130],[137],{"url":159,"sources":160,"tags":161},"https://ubuntu.com/security/CVE-2015-4508",[130],[137],{"url":163,"sources":164,"tags":165},"https://ubuntu.com/security/CVE-2015-4509",[130],[137],{"url":167,"sources":168,"tags":169},"https://ubuntu.com/security/CVE-2015-4510",[130],[137],{"url":171,"sources":172,"tags":173},"https://ubuntu.com/security/CVE-2015-4512",[130],[137],{"url":175,"sources":176,"tags":177},"https://ubuntu.com/security/CVE-2015-4516",[130],[137],{"url":179,"sources":180,"tags":181},"https://ubuntu.com/security/CVE-2015-4517",[130],[137],{"url":183,"sources":184,"tags":185},"https://ubuntu.com/security/CVE-2015-4519",[130],[137],{"url":187,"sources":188,"tags":189},"https://ubuntu.com/security/CVE-2015-4520",[130],[137],{"url":191,"sources":192,"tags":193},"https://ubuntu.com/security/CVE-2015-4521",[130],[137],{"url":195,"sources":196,"tags":197},"https://ubuntu.com/security/CVE-2015-4522",[130],[137],{"url":199,"sources":200,"tags":201},"https://ubuntu.com/security/CVE-2015-7174",[130],[137],{"url":203,"sources":204,"tags":205},"https://ubuntu.com/security/CVE-2015-7175",[130],[137],{"url":207,"sources":208,"tags":209},"https://ubuntu.com/security/CVE-2015-7176",[130],[137],{"url":211,"sources":212,"tags":213},"https://ubuntu.com/security/CVE-2015-7177",[130],[137],{"url":215,"sources":216,"tags":217},"https://ubuntu.com/security/CVE-2015-7180",[130],[137],[],[],[],[222],{"ecosystem":223,"name":224,"vendor":225,"product":224,"cpe_part":9,"purl_type":226,"purl_namespace":225,"purl_name":224,"source":9,"versions":227},"Ubuntu","firefox","ubuntu","deb",[228],{"version":229,"is_range":230,"range_type":231,"version_start":9,"version_start_type":9,"version_end":232,"version_end_type":233,"fixed_in":9},"lt41_0+build3_0ubuntu0_14_04_1",true,"ecosystem","41.0+build3-0ubuntu0.14.04.1","excluding"]