[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Thu Jan 7 05:21:02 PST 2016


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 469	Published: Thu, 07 Jan 2016 02:54:07 GMT

New Fixlets:
============

***************************************************************
Title: Use-after-free in Content Policy due to microtask execution error
Severity: High
Fixlet ID: 31002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A310
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2731
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.


