usn-2743-1
Vulnerability from osv_ubuntu
Published
2015-09-22 22:08
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501)

André Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502)

Felix Gröbert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504)

Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506)

Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507)

Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508)

A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509)

Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510)

Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512)

Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516)

Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519)

Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2015-4500",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4501",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4502",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4504",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4506",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4507",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4508",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4509",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4510",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4512",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4516",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4517",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4519",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4520",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4521",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4522",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7174",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7175",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7176",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7177",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7180",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "41.0+build3-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "41.0+build3-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "41.0+build3-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "41.0+build3-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@41.0+build3-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "41.0+build3-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1",
        "38.0+build3-0ubuntu0.14.04.1",
        "39.0+build5-0ubuntu0.14.04.1",
        "39.0.3+build2-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.4",
        "40.0.3+build1-0ubuntu0.14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David\nMajor, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4500, CVE-2015-4501)\n\nAndr\u00e9 Bargull discovered that when a web page creates a scripted proxy\nfor the window with a handler defined a certain way, a reference to the\ninner window will be passed, rather than that of the outer window.\n(CVE-2015-4502)\n\nFelix Gr\u00f6bert discovered an out-of-bounds read in the QCMS color\nmanagement library in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or obtain\nsensitive information. (CVE-2015-4504)\n\nKhalil Zhani discovered a buffer overflow when parsing VP9 content in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-4506)\n\nSpandan Veggalam discovered a crash while using the debugger API in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite whilst using the debugger, an attacker could potentially exploit\nthis to execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4507)\n\nJuho Nurminen discovered that the URL bar could display the wrong URL in\nreader mode in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nconduct URL spoofing attacks. (CVE-2015-4508)\n\nA use-after-free was discovered when manipulating HTML media content in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-4509)\n\nLooben Yang discovered a use-after-free when using a shared worker with\nIndexedDB in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2015-4510)\n\nFrancisco Alonso discovered an out-of-bounds read during 2D canvas\nrendering in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nobtain sensitive information. (CVE-2015-4512)\n\nJeff Walden discovered that changes could be made to immutable properties\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to execute\narbitrary script in a privileged scope. (CVE-2015-4516)\n\nRonald Crane reported multiple vulnerabilities. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174,\nCVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)\n\nMario Gomes discovered that dragging and dropping an image after a\nredirect exposes the redirected URL to scripts. An attacker could\npotentially exploit this to obtain sensitive information. (CVE-2015-4519)\n\nEhsan Akhgari discovered 2 issues with CORS preflight requests. An\nattacker could potentially exploit these to bypass CORS restrictions.\n(CVE-2015-4520)\n",
  "id": "USN-2743-1",
  "modified": "2026-04-22T07:36:32Z",
  "published": "2015-09-22T22:08:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2743-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4500"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4501"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4502"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4504"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4506"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4507"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4508"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4509"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4510"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4512"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4516"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4517"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4519"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4520"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4521"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4522"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7174"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7175"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7176"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7177"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7180"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-4500",
    "UBUNTU-CVE-2015-4501",
    "UBUNTU-CVE-2015-4502",
    "UBUNTU-CVE-2015-4504",
    "UBUNTU-CVE-2015-4506",
    "UBUNTU-CVE-2015-4507",
    "UBUNTU-CVE-2015-4508",
    "UBUNTU-CVE-2015-4509",
    "UBUNTU-CVE-2015-4510",
    "UBUNTU-CVE-2015-4512",
    "UBUNTU-CVE-2015-4516",
    "UBUNTU-CVE-2015-4517",
    "UBUNTU-CVE-2015-4519",
    "UBUNTU-CVE-2015-4520",
    "UBUNTU-CVE-2015-4521",
    "UBUNTU-CVE-2015-4522",
    "UBUNTU-CVE-2015-7174",
    "UBUNTU-CVE-2015-7175",
    "UBUNTU-CVE-2015-7176",
    "UBUNTU-CVE-2015-7177",
    "UBUNTU-CVE-2015-7180"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…