Lucene search

[email protected]CVE-2015-4503

HistorySep 24, 2015 - 4:59 a.m.

CVE-2015-4503

2015-09-2404:59:06

CWE-200

[email protected]

web.nvd.nist.gov

mozilla

firefox

tcp socket api

security

cve-2015-4503

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.8%

JSON

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

Affected configurations

NVD

Node

mozillafirefoxRange≤40.0.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle40.0.3

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	40.0.3

References

lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

www.mozilla.org/security/announce/2015/mfsa2015-97.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/76815

www.securitytracker.com/id/1033640

bugzilla.mozilla.org/show_bug.cgi?id=994337

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2015-4503

ubuntucve1 prion1 cvelist1 openvas5 nvd1 mozilla1 kaspersky2 suse2 nessus4 freebsd1 securityvulns1