ID CVE-2015-2706
Summary Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.
References
Vulnerable Configurations
  • Mozilla Firefox 37.0.1
    cpe:2.3:a:mozilla:firefox:37.0.1
CVSS
Base: 6.8 (as of 27-04-2015 - 14:22)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version, causing the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he modifies the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
    Vector NETWORK
    Complexity MEDIUM
    Authentication NONE
Impact
    Confidentiality PARTIAL
    Integrity PARTIAL
    Availability PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_738FC80D5F134CCBAA9A7965699E5A10.NASL
    description The Mozilla Project reports : MFSA 2015-45 Memory corruption during failed plugin initialization
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 82906
    published 2015-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82906
    title FreeBSD : mozilla -- use-after-free (738fc80d-5f13-4ccb-aa9a-7965699e5a10)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_37_0_2.NASL
    description The version of Firefox installed on the remote Mac OS X host is prior to 37.0.2. It is, therefore, affected by a use-after-free error, related to the AsyncPaintWaitEvent() method, due to a race condition caused when plugin initialization fails. A remote attacker, using a crafted web page, can exploit this to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82997
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82997
    title Firefox < 37.0.2 Failed Plugin Memory Corruption (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-325.NASL
    description Mozilla Firefox was updated to 37.0.2 to fix one security issue. The following vulnerability was fixed : - CVE-2015-2706 Memory corruption during failed plugin initialization (bmo#1141081 MFSA 2015-45 bnc#928116)
    last seen 2019-02-21
    modified 2015-05-16
    plugin id 83084
    published 2015-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83084
    title openSUSE Security Update : Mozilla Firefox (openSUSE-2015-325)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-326.NASL
    description Mozilla Firefox was updated to 37.0.2 to fix one security issue. The following vulnerability was fixed : - CVE-2015-2706: Memory corruption during failed plugin initialization (bmo#1141081 MFSA 2015-45 bnc#928116)
    last seen 2019-02-21
    modified 2015-05-16
    plugin id 83085
    published 2015-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83085
    title openSUSE Security Update : Mozilla Firefox (openSUSE-2015-326)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_37_0_2.NASL
    description The version of Firefox installed on the remote Windows host is prior to 37.0.2. It is, therefore, affected by a use-after-free error, related to the AsyncPaintWaitEvent() method, due to a race condition caused when plugin initialization fails. A remote attacker, using a crafted web page, can exploit this to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 82998
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82998
    title Firefox < 37.0.2 Failed Plugin Memory Corruption
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2571-1.NASL
    description Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2706). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 83086
    published 2015-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83086
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : firefox vulnerability (USN-2571-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201512-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201512-10 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 87710
    published 2016-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87710
    title GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)
refmap via4
bid 74247
confirm
gentoo GLSA-201512-10
sectrack 1032171
suse
  • openSUSE-SU-2015:0761
  • openSUSE-SU-2015:0763
ubuntu USN-2571-1
Last major update 07-12-2016 - 13:10
Published 27-04-2015 - 07:59