Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0817

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2015-0817
Last Modified 02 Apr 2015 10:00:28
Published 23 Mar 2015 08:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0817

Summary

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

Vulnerable Systems

Application

  • Mozilla Firefox 36.0.1

  • Mozilla Firefox Esr 31.0

  • Mozilla Firefox Esr 31.1

  • Mozilla Firefox Esr 31.1.0

  • Mozilla Firefox Esr 31.1.1

  • Mozilla Firefox Esr 31.2

  • Mozilla Firefox Esr 31.3

  • Mozilla Firefox Esr 31.3.0

  • Mozilla Firefox Esr 31.4

  • Mozilla Firefox Esr 31.5

  • Mozilla Firefox Esr 31.5.1

  • Mozilla Seamonkey 2.33.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1145255

CONFIRM - http://www.mozilla.org/security/announce/2015/mfsa2015-29.html

UBUNTU - USN-2538-1

SECTRACK - 1031958

DEBIAN - DSA-3201

REDHAT - RHSA-2015:0718

SUSE - openSUSE-SU-2015:0567

SUSE - SUSE-SU-2015:0593

SUSE - openSUSE-SU-2015:0636

SUSE - SUSE-SU-2015:0630

Related Patches

Mozilla Firefox 36.0.4 for Mac OS X (See Notes)

Mozilla Firefox 31.5.3 ESR for Mac OS X (See Notes)


Last Updated: 27 May 2016 11:08:17