Lucene search

Mozilla FoundationMFSA2015-38

HistoryMar 31, 2015 - 12:00 a.m.

Memory corruption crashes in Off Main Thread Compositing — Mozilla

2015-03-3100:00:00

Mozilla Foundation

www.mozilla.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two memory corruption crashes during 2D graphics rendering due to problems in Off Main Thread Compositing. These crashes are potentially exploitable.

CPENameOperatorVersion
firefoxlt37
firefox oslt2.2
seamonkeylt2.35

Name	Operator	Version
firefox	lt	37
firefox os	lt	2.2
seamonkey	lt	2.35

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0805

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0806

bugzilla.mozilla.org/show_bug.cgi?id=1099437

bugzilla.mozilla.org/show_bug.cgi?id=1135511

wiki.mozilla.org/Platform/GFX/OffMainThreadCompositing

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

Related for MFSA2015-38