Oval Definition:	oval:org.cisecurity:def:310
Revision Date: 2016-02-08 Version: 11 Title: Use-after-free in Content Policy due to microtask execution error Description: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-2731 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Product(s): Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird Definition Synopsis Mozilla Firefox Mainline release is installed + version Mozilla Firefox Mainline release is installed AND Mozilla Firefox Mainline version less than 39.0 OR Mozilla Firefox ESR is installed + version Mozilla Firefox ESR is installed AND Mozilla Firefox ESR version less than 38.1 OR Mozilla Seamonkey is installed + version Mozilla Seamonkey is installed AND Mozilla Seamonkey version less than 2.35 OR Mozilla Thunderbird Mainline release is installed + version Mozilla Thunderbird Mainline release is installed AND Mozilla Thunderbird version less than 38.1
BACK