[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-0817Date: (C)2015-04-08   (M)2024-03-27


The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1031958
BID-73263
DSA-3201
GLSA-201504-01
RHSA-2015:0718
SUSE-SU-2015:0593
SUSE-SU-2015:0630
USN-2538-1
http://www.mozilla.org/security/announce/2015/mfsa2015-29.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
openSUSE-SU-2015:0567
openSUSE-SU-2015:0636

CPE    12
cpe:/a:mozilla:firefox_esr:31.5
cpe:/a:mozilla:firefox_esr:31.4
cpe:/a:mozilla:firefox_esr:31.1.0
cpe:/a:mozilla:firefox_esr:31.5.1
...
CWE    1
CWE-17
OVAL    15
oval:org.secpod.oval:def:1500955
oval:org.secpod.oval:def:204231
oval:org.secpod.oval:def:52430
oval:org.secpod.oval:def:203600
...

© SecPod Technologies