Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0803

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-0803
Last Modified 03 Jun 2015 10:02:29
Published 01 Apr 2015 06:59:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0803

Summary

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

Vulnerable Systems

Application

  • Mozilla Firefox 36.0.4


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1134561

CONFIRM - http://www.mozilla.org/security/announce/2015/mfsa2015-39.html

UBUNTU - USN-2550-1

SECTRACK - 1031996

SUSE - openSUSE-SU-2015:0677

Related Patches

Mozilla Firefox 37.0 for Mac OS X (See Notes)


Last Updated: 27 May 2016 11:08:18