Use-after-free Vulnerability in Mozilla Firefox and Thunderbird
CVE-2015-2713

Currently unrated

Key Information:

Vendor
Novell
Status
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Opensuse
Suse Linux Enterprise Software Development Kit
Vendor
CVE Published:
14 May 2015

Summary

The vulnerability arises from a use-after-free condition in the SetBreaks function, which can be exploited by remote attackers. By crafting a document that includes specific CSS token sequences related to vertical text properties, an attacker can execute arbitrary code or achieve a denial of service through heap memory corruption. This issue affects users of Mozilla Firefox versions prior to 38.0, as well as Firefox ESR 31.x prior to 31.7 and Thunderbird versions before 31.7.

References

http://www.ubuntu.com/usn/USN-2602-1
vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2015-0988.html
vendor-advisoryx_refsource_REDHAT
https://www.mozilla.org/en-US/security/known-vulnerabilit...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-2713 : Use-after-free Vulnerability in Mozilla Firefox and Thunderbird | SecurityVulnerability.io