CVE-2015-4509
Firefox < 41.0 - Remote Code Execution via HTMLVideoElement Use-After-Free
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
References (21)
[Mailing List; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
[Third Party Advisory; x_refsource_misc] http://www.zerodayinitiative.com/advisories/ZDI-15-646
[Mailing List; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
[Mailing List; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
[Vendor Advisory; vendor-advisory; x_refsource_ubuntu] http://www.ubuntu.com/usn/USN-2754-1
[Vendor Advisory; x_refsource_confirm] http://www.mozilla.org/security/announce/2015/mfsa2015-106.html
[Issue Tracking; x_refsource_confirm] https://bugzilla.mozilla.org/show_bug.cgi?id=1198435
[Vendor Advisory; vendor-advisory; x_refsource_ubuntu] http://www.ubuntu.com/usn/USN-2743-4
[Vendor Advisory; x_refsource_confirm] http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
[Vendor Advisory; x_refsource_confirm] http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
[Vendor Advisory; vendor-advisory; x_refsource_ubuntu] http://www.ubuntu.com/usn/USN-2743-3
[Vendor Advisory; vendor-advisory; x_refsource_redhat] http://rhn.redhat.com/errata/RHSA-2015-1834.html
[Vendor Advisory; vendor-advisory; x_refsource_ubuntu] http://www.ubuntu.com/usn/USN-2743-2
[Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack] http://www.securitytracker.com/id/1033640
[Vendor Advisory; vendor-advisory; x_refsource_redhat] http://rhn.redhat.com/errata/RHSA-2015-1852.html
[Third Party Advisory; vendor-advisory; x_refsource_debian] http://www.debian.org/security/2015/dsa-3365
[Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid] http://www.securityfocus.com/bid/76816
[Mailing List; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
[Mailing List; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
[Mailing List; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
[Vendor Advisory; vendor-advisory; x_refsource_ubuntu] http://www.ubuntu.com/usn/USN-2743-1
Scores
EPSS: 0.0494
EPSS Percentile: 89.8%
Details
Status: published
Products (8)
mozilla/firefox 38.0
mozilla/firefox 38.0.1
mozilla/firefox 38.0.5
mozilla/firefox 38.1.0
mozilla/firefox 38.1.1
mozilla/firefox 38.2.0
mozilla/firefox 38.2.1
mozilla/firefox < 40.0.3
Published: Sep 24, 2015
Tracked Since: Feb 18, 2026