Lucene search

[email protected]CVE-2015-7205

HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7205

2015-12-1611:59:05

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-7205

mozilla firefox

rtpreceivervideo

parsertppacket

webrtc

remote attackers

sensitive information

denial of service

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

mozillafirefox_esrMatch38.4.0

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

mozillafirefoxRange≤42.0

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq23

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	23

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html

lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

rhn.redhat.com/errata/RHSA-2015-2657.html

www.debian.org/security/2015/dsa-3422

www.debian.org/security/2016/dsa-3432

www.mozilla.org/security/announce/2015/mfsa2015-145.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/79279

www.securitytracker.com/id/1034426

www.ubuntu.com/usn/USN-2833-1

www.ubuntu.com/usn/USN-2859-1

bugzilla.mozilla.org/show_bug.cgi?id=1220493

security.gentoo.org/glsa/201512-10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2015-7205

openvas32 ubuntucve1 mozilla1 prion1 cvelist1 nvd1 nessus29 veracode6 redhat2 oraclelinux2 centos2 archlinux2 ubuntu2 debian2 mageia3 suse5 freebsd1 kaspersky1 gentoo1