Search for vulnerabilities
| Vulnerability ID | VCID-uwy4-4nv5-q3ap |
| Aliases |
CVE-2015-4497
|
| Summary | Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a <canvas> element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.Ucha Gobejishvili, working with HP's Zero Day Initiative, subsequently reported this same issue. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 9.0 |
| Risk | 4.5 |
| Affected and Fixed Packages | Package Details |
| CWE-416 | Use After Free |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4497.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2015-4497 | ||
| 1257276 | https://bugzilla.redhat.com/show_bug.cgi?id=1257276 | |
| CVE-2015-4497 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497 | |
| mfsa2015-94 | https://www.mozilla.org/en-US/security/advisories/mfsa2015-94 | |
| RHSA-2015:1693 | https://access.redhat.com/errata/RHSA-2015:1693 | |
| USN-2723-1 | https://usn.ubuntu.com/2723-1/ |
| Percentile | 0.86146 |
| EPSS Score | 0.0304 |
| Published At | Aug. 6, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:51.520293+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-94.md | 37.0.0 |