CVE-2015-4487

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Firefox; Firefox Os
Vendor: CVE Published:; 16 August 2015

Summary

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

References

http://www.debian.org/security/2015/dsa-3410

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://www.ubuntu.com/usn/USN-2712-1

vendor-advisoryx_refsource_UBUNTU

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 16, 2015
Vulnerability Reserved
Jun 10, 2015