Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
2015-12-16T11:59:03.927
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | opensuse | leap | 42.1 | Yes |
Operating System | opensuse | opensuse | 13.1 | Yes |
Operating System | opensuse | opensuse | 13.2 | Yes |
Operating System | fedoraproject | fedora | 22 | Yes |
Operating System | fedoraproject | fedora | 23 | Yes |
Application | mozilla | firefox | ≤ 42.0 | Yes |
Application | mozilla | firefox | 41.0 | Yes |
Application | mozilla | firefox | 41.0.1 | Yes |
Application | mozilla | firefox | 41.0.2 | Yes |