CVE-2015-0823

2015-02-2511:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-0823

opentype sanitiser

mozilla firefox

use-after-free vulnerabilities

remote attackers

macro expansion

ots::ots_gasp_parse function

nvd

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
opentype_sanitiser_project:opentype_sanitiseropentype sanitiser project opentype sanitisereq*
mozilla:firefoxmozilla firefoxeq13.0.1
mozilla:firefoxmozilla firefoxeq14.0.1
mozilla:firefoxmozilla firefoxeq18.0
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq10.0.7
mozilla:firefoxmozilla firefoxeq4.0

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
opentype_sanitiser_project:opentype_sanitiser	opentype sanitiser project opentype sanitiser	eq	*
mozilla:firefox	mozilla firefox	eq	13.0.1
mozilla:firefox	mozilla firefox	eq	14.0.1
mozilla:firefox	mozilla firefox	eq	18.0
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	10.0.7
mozilla:firefox	mozilla firefox	eq	4.0