Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) — Mozilla

2015-12-1500:00:00

Mozilla Foundation

www.mozilla.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.051 Low

EPSS

Percentile

93.0%

JSON

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Affected configurations

Vulners

Node

mozillafirefoxRange<43

mozillafirefox_esrRange<38.5

mozillafirefox_osRange<2.5

mozillathunderbirdRange<38.5

CPENameOperatorVersion
firefoxlt43
firefox esrlt38.5
firefox oslt2.5
thunderbirdlt38.5

Name	Operator	Version
firefox	lt	43
firefox esr	lt	38.5
firefox os	lt	2.5
thunderbird	lt	38.5

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7202

bugzilla.mozilla.org/buglist.cgi?bug_id=1193757,1193999,1194002,1194006, 1207571,1212305,1207571,1221421,1221904,1188105,1208059,1219330,1197012,1200580

bugzilla.mozilla.org/buglist.cgi?bug_id=1203135,1225250,1224100