CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

Published: Jul 6, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-2733
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	38.1.0.x
oracle / solaris	11.3	11.3.x
mozilla / firefox_esr	38.0	38.0.x
mozilla / firefox_esr	31.1	31.1.x
mozilla / firefox_esr	31.3.0	31.3.0.x
mozilla / firefox_esr	31.1.1	31.1.1.x
mozilla / firefox_esr	31.7.0	31.7.0.x
mozilla / firefox_esr	31.5	31.5.x
mozilla / firefox_esr	31.6.0	31.6.0.x
mozilla / firefox_esr	31.3	31.3.x
mozilla / firefox_esr	31.5.3	31.5.3.x
mozilla / firefox_esr	31.5.1	31.5.1.x
mozilla / firefox_esr	31.1.0	31.1.0.x
mozilla / firefox_esr	31.2	31.2.x
mozilla / firefox_esr	31.4	31.4.x
mozilla / firefox_esr	31.0	31.0.x
mozilla / firefox_esr	31.5.2	31.5.2.x
novell / suse_linux_enterprise_server	12.0	12.0.x
novell / suse_linux_enterprise_desktop	12.0	12.0.x
novell / suse_linux_enterprise_desktop	11-sp4	11-sp4.x

Vulnerability Database

289,599

CVE-2015-2733