Lucene search
Mozilla FoundationMFSA2015-80HistoryAug 11, 2015 - 12:00 a.m.
Out-of-bounds read with malformed MP3 file — Mozilla
2015-08-1100:00:00
Mozilla Foundation
www.mozilla.org
10
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.055 Low
EPSS
Percentile
93.3%
Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 format audio file which switches sample formats. This could trigger a potentially exploitable crash or the reading of out-of-bounds memory content in some circumstances.
Affected configurations
Node
mozillafirefoxRange<40
ORmozillafirefox_esrRange<38.2
ORmozillafirefox_osRange<2.5
ORmozillaseamonkeyRange<2.35
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 40 | |
| firefox esr | lt | 38.2 | |
| firefox os | lt | 2.5 | |
| seamonkey | lt | 2.35 |
Related
cve
cve
CVE-2015-4475
2015-08-16 01:59:03
prion
prion
Out-of-bounds
2015-08-16 01:59:00
nvd
nvd
CVE-2015-4475
2015-08-16 01:59:03
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-80) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2702-3)
2015-08-21 00:00:00
Ubuntu: Security Advisory (USN-2702-2)
2015-08-12 00:00:00
cvelist
cvelist
CVE-2015-4475
2015-08-16 01:00:00
ubuntucve
ubuntucve
CVE-2015-4475
2015-08-11 00:00:00
redhat
redhat
(RHSA-2015:1586) Critical: firefox security update
2015-08-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:41:46
Use-after-free Vulnerability
2019-05-02 05:42:03
Arbitrary Code Execution
2019-05-02 05:41:48
nessus
nessus
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150811)
2015-08-12 00:00:00
RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)
2015-08-12 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-08-11 00:00:00
centos
centos
firefox security update
2015-08-11 20:36:44
mageia
mageia
Updated firefox packages fixes security vulnerabilities
2015-08-11 23:22:53
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-10 17:10:07
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-02 12:10:07
Security update for MozillaFirefox (important)
2015-08-14 19:09:37
ubuntu
ubuntu
Firefox regression
2015-08-20 00:00:00
Ubufox update
2015-08-11 00:00:00
Firefox vulnerabilities
2015-08-11 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-08-12 00:00:00
kaspersky
kaspersky
KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-08-11 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-08-11 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:30:13
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
2018-06-18 00:09:54
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:09:55
securityvulns
securityvulns
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.055 Low
EPSS
Percentile
93.3%
Related for MFSA2015-80