Vulnerability CVE-2015-0817
Published: 2015-03-23   Modified: 2015-03-24

Description:
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mozilla -> Firefox 
Mozilla -> Firefox esr 
Mozilla -> Seamonkey 

 References:
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
http://rhn.redhat.com/errata/RHSA-2015-0718.html
http://www.debian.org/security/2015/dsa-3201
http://www.mozilla.org/security/announce/2015/mfsa2015-29.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/73263
http://www.securitytracker.com/id/1031958
http://www.ubuntu.com/usn/USN-2538-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
https://security.gentoo.org/glsa/201504-01
Copyright 2024, cxsecurity.com

 

Back to Top