Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-4488

Description

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

Affected products

Mozilla Corporation/Firefox5 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=39.0.3
- cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Mozilla Corporation/Firefox Os
cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.htmlnvdThird Party Advisory
www.mozilla.org/security/announce/2015/mfsa2015-90.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
www.ubuntu.com/usn/USN-2702-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2702-2nvdThird Party Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.htmlnvd
lists.opensuse.org/opensuse-updates/2015-08/msg00030.htmlnvd
lists.opensuse.org/opensuse-updates/2015-08/msg00031.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1586.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1682.htmlnvd
www.debian.org/security/2015/dsa-3333nvd
www.debian.org/security/2015/dsa-3410nvd
www.securitytracker.com/id/1033247nvd
www.securitytracker.com/id/1033372nvd
www.ubuntu.com/usn/USN-2702-3nvd
www.ubuntu.com/usn/USN-2712-1nvd
security.gentoo.org/glsa/201605-06nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000