CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
94.8%
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.0 | cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.1.0 | cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.1.1 | cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.2 | cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.3.0 | cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:* |
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
linux.oracle.com/errata/ELSA-2015-0046.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
rhn.redhat.com/errata/RHSA-2015-0046.html
secunia.com/advisories/62237
secunia.com/advisories/62242
secunia.com/advisories/62250
secunia.com/advisories/62253
secunia.com/advisories/62273
secunia.com/advisories/62293
secunia.com/advisories/62313
secunia.com/advisories/62316
secunia.com/advisories/62418
secunia.com/advisories/62446
secunia.com/advisories/62790
www.debian.org/security/2015/dsa-3127
www.mozilla.org/security/announce/2014/mfsa2015-06.html
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.securityfocus.com/bid/72044
www.securitytracker.com/id/1031533
bugzilla.mozilla.org/show_bug.cgi?id=1108455
exchange.xforce.ibmcloud.com/vulnerabilities/99961
security.gentoo.org/glsa/201504-01