CVE-2015-2731

Publication date 5 July 2015

Last updated 24 July 2024

Ubuntu priority

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	15.04 vivid	Fixed 39.0+build5-0ubuntu0.15.04.1
	14.10 utopic	Fixed 39.0+build5-0ubuntu0.14.10.1
	14.04 LTS trusty	Fixed 39.0+build5-0ubuntu0.14.04.1
	12.04 LTS precise	Fixed 39.0+build5-0ubuntu0.12.04.2
thunderbird	15.04 vivid	Fixed 1:31.8.0+build1-0ubuntu0.15.04.1
	14.10 utopic	Fixed 1:31.8.0+build1-0ubuntu0.14.10.1
	14.04 LTS trusty	Fixed 1:31.8.0+build1-0ubuntu0.14.04.1
	12.04 LTS precise	Fixed 1:31.8.0+build1-0ubuntu0.12.04.1

CVE-2015-2731

Status

References

Related Ubuntu Security Notices (USN)

Other references