CVE-2015-4488: Use After Free
First published: Sun Aug 16 2015(Updated: )
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Solaris SPARC | =11.3 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =15.04 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox | =38.0 | |
| Mozilla Firefox | =38.0.1 | |
| Mozilla Firefox | =38.0.5 | |
| Mozilla Firefox | =38.1.0 | |
| Mozilla Firefox OS | =2.1.0 | |
| Mozilla Firefox ESR | =38.0 | |
| Mozilla Firefox ESR | =38.0.1 | |
| Mozilla Firefox ESR | =38.0.5 | |
| Mozilla Firefox ESR | =38.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
- http://rhn.redhat.com/errata/RHSA-2015-1586.html
- http://rhn.redhat.com/errata/RHSA-2015-1682.html
- http://www.debian.org/security/2015/dsa-3333
- http://www.debian.org/security/2015/dsa-3410
- http://www.mozilla.org/security/announce/2015/mfsa2015-90.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1033247
- http://www.securitytracker.com/id/1033372
- http://www.ubuntu.com/usn/USN-2702-1
- http://www.ubuntu.com/usn/USN-2702-2
- http://www.ubuntu.com/usn/USN-2702-3
- http://www.ubuntu.com/usn/USN-2712-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1176270
- https://security.gentoo.org/glsa/201605-06
Frequently Asked Questions
What is the severity of CVE-2015-4488?
CVE-2015-4488 has been classified with a moderate severity level due to the potential impact it may have on system security.
How do I fix CVE-2015-4488?
To fix CVE-2015-4488, upgrade to a fixed version of Mozilla Firefox or the affected software that addresses this vulnerability.
What versions of Firefox are affected by CVE-2015-4488?
CVE-2015-4488 affects Mozilla Firefox versions prior to 40.0, including Firefox ESR 38.x before 38.2.
Is CVE-2015-4488 present in Ubuntu Linux?
Yes, CVE-2015-4488 is present in Ubuntu Linux versions 12.04, 14.04, and 15.04.
Can CVE-2015-4488 be exploited remotely?
Yes, CVE-2015-4488 can be exploited remotely by attackers leveraging the vulnerability.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/oracle
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/15.04
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/39.0.3
- version/mozilla firefox/38.0
- version/mozilla firefox/38.0.1
- version/mozilla firefox/38.0.5
- version/mozilla firefox/38.1.0
- canonical/mozilla firefox os
- version/mozilla firefox os/2.1.0
- canonical/mozilla firefox esr
- version/mozilla firefox esr/38.0
- version/mozilla firefox esr/38.0.1
- version/mozilla firefox esr/38.0.5
- version/mozilla firefox esr/38.1.0