[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-2728Date: (C)2015-07-08   (M)2024-03-27


The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1032783
BID-75541
DSA-3300
GLSA-201512-10
RHSA-2015:1207
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
http://www.mozilla.org/security/announce/2015/mfsa2015-61.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1142210
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    15
cpe:/a:mozilla:firefox_esr:31.5
cpe:/a:mozilla:firefox_esr:31.4
cpe:/a:mozilla:firefox_esr:38.0
cpe:/o:novell:suse_linux_enterprise_desktop:12.0
...
OVAL    16
oval:org.secpod.oval:def:25594
oval:org.secpod.oval:def:203663
oval:org.secpod.oval:def:25595
oval:org.secpod.oval:def:203661
...

© SecPod Technologies