{"id":"USN-2702-1","summary":"firefox vulnerabilities","details":"Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,\nChris Coulson, and Eric Rahm discovered multiple memory safety issues in\nFirefox. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)\n\nAki Helin discovered an out-of-bounds read when playing malformed MP3\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nobtain sensitive information, cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4475)\n\nA use-after-free was discovered during MediaStream playback in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash or execute arbitrary code with the\npriviliges of the user invoking Firefox. (CVE-2015-4477)\n\nAndré Bargull discovered that non-configurable properties on javascript\nobjects could be redefined when parsing JSON. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass same-origin restrictions. (CVE-2015-4478)\n\nMultiple integer overflows were discovered in libstagefright. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)\n\nJukka Jylänki discovered a crash that occurs because javascript does not\nproperly gate access to Atomics or SharedArrayBuffers in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice. (CVE-2015-4484)\n\nAbhishek Arya discovered 2 buffer overflows in libvpx when decoding\nmalformed WebM content in some circumstances. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-4485, CVE-2015-4486)\n\nRonald Crane reported 3 security issues. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit these, in combination with another security vulnerability, to\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Firefox. (CVE-2015-4487,\nCVE-2015-4488, CVE-2015-4489)\n\nChristoph Kerschbaumer discovered an issue with Mozilla's implementation\nof Content Security Policy (CSP), which could allow for a more permissive\nusage in some cirucumstances. An attacker could potentially exploit this\nto conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)\n\nGustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the priviliges of the user invoking\nFirefox. (CVE-2015-4491)\n\nLooben Yang discovered a use-after-free when using XMLHttpRequest with\nshared workers in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the priviliges of the user invoking Firefox. (CVE-2015-4492)\n","modified":"2026-04-22T09:14:53.790261Z","published":"2015-08-11T18:34:39Z","related":["UBUNTU-CVE-2015-4473","UBUNTU-CVE-2015-4474","UBUNTU-CVE-2015-4475","UBUNTU-CVE-2015-4477","UBUNTU-CVE-2015-4478","UBUNTU-CVE-2015-4479","UBUNTU-CVE-2015-4480","UBUNTU-CVE-2015-4484","UBUNTU-CVE-2015-4485","UBUNTU-CVE-2015-4486","UBUNTU-CVE-2015-4487","UBUNTU-CVE-2015-4488","UBUNTU-CVE-2015-4489","UBUNTU-CVE-2015-4490","UBUNTU-CVE-2015-4491","UBUNTU-CVE-2015-4492","UBUNTU-CVE-2015-4493"],"upstream":["CVE-2015-4473","CVE-2015-4474","CVE-2015-4475","CVE-2015-4477","CVE-2015-4478","CVE-2015-4479","CVE-2015-4480","CVE-2015-4484","CVE-2015-4485","CVE-2015-4486","CVE-2015-4487","CVE-2015-4488","CVE-2015-4489","CVE-2015-4490","CVE-2015-4491","CVE-2015-4492","CVE-2015-4493","UBUNTU-CVE-2015-4473","UBUNTU-CVE-2015-4474","UBUNTU-CVE-2015-4475","UBUNTU-CVE-2015-4477","UBUNTU-CVE-2015-4478","UBUNTU-CVE-2015-4479","UBUNTU-CVE-2015-4480","UBUNTU-CVE-2015-4484","UBUNTU-CVE-2015-4485","UBUNTU-CVE-2015-4486","UBUNTU-CVE-2015-4487","UBUNTU-CVE-2015-4488","UBUNTU-CVE-2015-4489","UBUNTU-CVE-2015-4490","UBUNTU-CVE-2015-4491","UBUNTU-CVE-2015-4492","UBUNTU-CVE-2015-4493"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2702-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4473"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4474"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4475"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4477"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4478"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4479"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4480"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4484"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4485"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4486"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4487"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4488"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4489"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4490"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4491"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4492"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4493"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@40.0+build4-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"40.0+build4-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1","36.0+build2-0ubuntu0.14.04.4","36.0.1+build2-0ubuntu0.14.04.1","36.0.4+build1-0ubuntu0.14.04.1","37.0+build2-0ubuntu0.14.04.1","37.0.1+build1-0ubuntu0.14.04.1","37.0.2+build1-0ubuntu0.14.04.1","38.0+build3-0ubuntu0.14.04.1","39.0+build5-0ubuntu0.14.04.1","39.0.3+build2-0ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"40.0+build4-0ubuntu0.14.04.1","binary_name":"firefox"},{"binary_version":"40.0+build4-0ubuntu0.14.04.1","binary_name":"firefox-globalmenu"},{"binary_version":"40.0+build4-0ubuntu0.14.04.1","binary_name":"firefox-mozsymbols"},{"binary_version":"40.0+build4-0ubuntu0.14.04.1","binary_name":"firefox-testsuite"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2015-4473","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4474","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4475","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4477","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4478","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4479","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4480","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4484","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2015-4485","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4486","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4487","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4488","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4489","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4490","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4491","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4492","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-4493","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2702-1.json"}}],"schema_version":"1.7.5"}