{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html"}, {"name": "DSA-3345", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3345"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "USN-2723-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2723-1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-406"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "SUSE-SU-2015:1504", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html"}, {"name": "openSUSE-SU-2015:1492", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html"}, {"name": "76502", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76502"}, {"name": "RHSA-2015:1693", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1693.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766"}, {"name": "1033397", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033397"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-4497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html"}, {"name": "DSA-3345", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3345"}, {"name": "SUSE-SU-2015:2081", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "USN-2723-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2723-1"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-406", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-406"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "SUSE-SU-2015:1504", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html"}, {"name": "openSUSE-SU-2015:1492", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html"}, {"name": "76502", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76502"}, {"name": "RHSA-2015:1693", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1693.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766"}, {"name": "1033397", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033397"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:11.935Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html"}, {"name": "DSA-3345", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3345"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "USN-2723-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2723-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-406"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "SUSE-SU-2015:1504", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html"}, {"name": "openSUSE-SU-2015:1492", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html"}, {"name": "76502", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76502"}, {"name": "RHSA-2015:1693", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1693.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766"}, {"name": "1033397", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033397"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-4497", "datePublished": "2015-08-29T19:00:00", "dateReserved": "2015-06-10T00:00:00", "dateUpdated": "2024-08-06T06:18:11.935Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:40.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "59E90F00-714E-4F60-877D-1ED031C81622", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en la implementaci\u00f3n de CanvasRenderingContext2D en Mozilla Firefox en versiones anteriores a 40.0.3 y Firefox ESR 38.x en versiones anteriores a 38.2.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de la interacci\u00f3n inadecuada entre los eventos de cambio de tama\u00f1o y los cambios en las secuencias de token Cascading Style Sheets (CSS) para un elemento CANVAS."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2015-4497", "lastModified": "2016-12-22T02:59:54.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-29T19:59:00.123", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1693.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3345"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/76502"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1033397"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2723-1"}, {"source": "security@mozilla.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-406"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jean-Max Reymond and Ucha Gobejishvili as the original reporters.", "affected_release": [{"advisory": "RHSA-2015:1693", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:38.2.1-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-08-27T00:00:00Z"}, {"advisory": "RHSA-2015:1693", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:38.2.1-1.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-08-27T00:00:00Z"}, {"advisory": "RHSA-2015:1693", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:38.2.1-1.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-27T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Use-after-free when resizing canvas element during restyling (MFSA 2015-94)", "id": "1257276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257276"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."], "name": "CVE-2015-4497", "public_date": "2015-08-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4497\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4497\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-94.html"], "threat_severity": "Critical"}