UBUNTU-CVE-2015-2731

UNKNOWN

Published Jul 5, 2015

Modified 1 years ago

Fix available

Details

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Affected Packages

firefox

Ubuntu 14.04 LTS

Affected versions:

24.0+build1-0ubuntu125.0+build3-0ubuntu0.13.10.128.0+build1-0ubuntu128.0+build2-0ubuntu128.0+build2-0ubuntu228.0~b2+build1-0ubuntu229.0+build1-0ubuntu0.14.04.230.0+build1-0ubuntu0.14.04.331.0+build1-0ubuntu0.14.04.132.0+build1-0ubuntu0.14.04.1+12 more

Fixed in:

39.0+build5-0ubuntu0.14.04.1

thunderbird

Ubuntu 14.04 LTS

Affected versions:

1:24.0+build1-0ubuntu11:24.0+build1-0ubuntu21:24.1.1+build1-0ubuntu0.13.10.11:24.1.1+build1-0ubuntu11:24.2.0+build1-0ubuntu11:24.4.0+build1-0ubuntu11:24.5.0+build1-0ubuntu0.14.04.11:24.6.0+build1-0ubuntu0.14.04.11:31.0+build1-0ubuntu0.14.04.11:31.1.1+build1-0ubuntu0.14.04.1+7 more

Fixed in:

1:31.8.0+build1-0ubuntu0.14.04.1

References

REPORThttp://www.mozilla.org/security/announce/2015/mfsa2015-63.html REPORThttps://bugzilla.mozilla.org/show_bug.cgi?id=1149891 REPORThttps://ubuntu.com/security/CVE-2015-2731 REPORThttps://ubuntu.com/security/notices/USN-2656-1 REPORThttps://ubuntu.com/security/notices/USN-2656-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2015-2731 REPORThttps://www.mozilla.org/en-US/security/advisories/mfsa2015-63/

CVE-2015-2731 USN-2656-1 USN-2656-2

Ecosystems

Ubuntu 14.04 LTS

Timeline

PublishedJul 5, 2015

ModifiedJan 13, 2025

UBUNTU-CVE-2015-2731 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2015-2731

Details

Affected Packages

References

Related

Ecosystems

Timeline