CVE-2015-0806

2015-04-0110:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2015-0806

mozilla firefox

omtc

memset

memory corruption

remote code execution

nvd

security vulnerability

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
mozilla:firefoxmozilla firefoxle36.0.4
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
mozilla:firefox	mozilla firefox	le	36.0.4
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2