[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-0813Date: (C)2015-04-08   (M)2023-12-22


Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1031996
SECTRACK-1032000
BID-73463
DSA-3211
DSA-3212
GLSA-201512-10
RHSA-2015:0766
RHSA-2015:0771
SUSE-SU-2015:0704
USN-2550-1
USN-2552-1
http://www.mozilla.org/security/announce/2015/mfsa2015-31.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1106596
openSUSE-SU-2015:0677
openSUSE-SU-2015:0892
openSUSE-SU-2015:1266

CPE    4
cpe:/a:mozilla:firefox_esr
cpe:/a:mozilla:thunderbird
cpe:/o:linux:linux_kernel
cpe:/a:mozilla:firefox
...
OVAL    19
oval:org.secpod.oval:def:1500967
oval:org.secpod.oval:def:1500977
oval:org.secpod.oval:def:702491
oval:org.secpod.oval:def:602025
...

© SecPod Technologies