Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xnzh-y88g-guhd
Vulnerability ID VCID-xnzh-y88g-guhd
Aliases CVE-2015-4516
Summary Mozilla developer Jeff Walden reported that in Gecko's implementation of ECMAScript 5 API's enforces non-configurable properties with logic specific to each API. Scripts that do not go through these APIs can bypass these protections and make changes to the immutable properties in violation of security protections. This could potentially allow for web content to run in a privileged context leading to arbitrary code execution.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-250 Execution with Unnecessary Privileges
System Score Found at
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
epss 0.01352 https://api.first.org/data/v1/epss?cve=CVE-2015-4516
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2015-109
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4516.json
https://api.first.org/data/v1/epss?cve=CVE-2015-4516
1265775 https://bugzilla.redhat.com/show_bug.cgi?id=1265775
CVE-2015-4516 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4516
mfsa2015-109 https://www.mozilla.org/en-US/security/advisories/mfsa2015-109
USN-2743-1 https://usn.ubuntu.com/2743-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.80053
EPSS Score 0.01352
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:18:29.897764+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-109.md 38.0.0