cpe:/a:mozilla:firefox:39.0.3 cpe:/a:mozilla:firefox_esr:38.0 cpe:/a:mozilla:firefox_esr:38.0.1 cpe:/a:mozilla:firefox_esr:38.0.5 cpe:/a:mozilla:firefox_esr:38.1.0 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:15.04 cpe:/o:novell:opensuse:13.1 cpe:/o:novell:opensuse:13.2 CVE-2015-4475 2015-08-15T21:59:03.427-04:00 2016-12-23T21:59:17.087-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2015-08-26T10:54:21.307-04:00 SECTRACK 1033247 BID 76294 GENTOO GLSA-201605-06 REDHAT RHSA-2015:1586 SUSE SUSE-SU-2015:1449 SUSE SUSE-SU-2015:1528 SUSE SUSE-SU-2015:2081 UBUNTU USN-2702-1 UBUNTU USN-2702-2 UBUNTU USN-2702-3 CONFIRM http://www.mozilla.org/security/announce/2015/mfsa2015-80.html CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1175396 SUSE openSUSE-SU-2015:1389 SUSE openSUSE-SU-2015:1390 SUSE openSUSE-SU-2015:1453 SUSE openSUSE-SU-2015:1454 The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.