nvd-json-data-feeds/CVE-2015/CVE-2015-44xx/CVE-2015-4497.json

{
  "id": "CVE-2015-4497",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2015-08-29T19:59:00.123",
  "lastModified": "2016-12-22T02:59:54.710",
  "vulnStatus": "Modified",
  "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>",
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en la implementaci\u00f3n de CanvasRenderingContext2D en Mozilla Firefox en versiones anteriores a 40.0.3 y Firefox ESR 38.x en versiones anteriores a 38.2.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de la interacci\u00f3n inadecuada entre los eventos de cambio de tama\u00f1o y los cambios en las secuencias de token Cascading Style Sheets (CSS) para un elemento CANVAS."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox:40.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E90F00-714E-4F60-877D-1ED031C81622"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1693.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.debian.org/security/2015/dsa-3345",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/76502",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.securitytracker.com/id/1033397",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.ubuntu.com/usn/USN-2723-1",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-406",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278",
      "source": "security@mozilla.org"
    }
  ]
}