[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-2712Date: (C)2015-06-08   (M)2024-03-27


The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-74611
GLSA-201605-06
USN-2602-1
http://www.mozilla.org/security/announce/2015/mfsa2015-50.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1152280
openSUSE-SU-2015:0934

CPE    3
cpe:/o:novell:opensuse:13.2
cpe:/o:novell:opensuse:13.1
cpe:/a:mozilla:firefox:37.0.2
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:24723
oval:org.secpod.oval:def:24728
oval:org.secpod.oval:def:52475
oval:org.secpod.oval:def:702549
...

© SecPod Technologies