Description
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
References (11)
Core 11
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79280
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1216130
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2833-1
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2015/mfsa2015-135.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034426
Scores
EPSS
0.0172
EPSS Percentile
82.7%
Details
CWE
CWE-17
Status
published
Products (9)
fedoraproject/fedora
22
fedoraproject/fedora
23
mozilla/firefox
41.0
mozilla/firefox
41.0.1
mozilla/firefox
41.0.2
mozilla/firefox
< 42.0
opensuse/leap
42.1
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Dec 16, 2015
Tracked Since
Feb 18, 2026