Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
SUSE: SUSE-SU-2015:1268
SUSE: SUSE-SU-2015:1269
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 75541
GENTOO: GLSA-201512-10
SUSE: SUSE-SU-2015:1449
SUSE: openSUSE-SU-2015:1266
REDHAT: RHSA-2015:1207
SUSE: openSUSE-SU-2015:1229
UBUNTU: USN-2656-1
UBUNTU: USN-2656-2
SECTRACK: 1032783
SECTRACK: 1032784

Launchpad.net

CVE 2015-2733

Related bugs

References