Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0803

Опубликовано: 31 мар. 2015
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1207081Mozilla: Use-after-free due to type confusion flaws (MFSA 2015-39)

EPSS

Процентиль: 82%
0.01674
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0803

ubuntu
почти 11 лет назад

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

nvd логотип

CVE-2015-0803

nvd
почти 11 лет назад

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

debian логотип

CVE-2015-0803

debian
почти 11 лет назад

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before ...

github логотип

GHSA-4gmg-5g4q-8pp3

github
больше 3 лет назад

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

fstec логотип

BDU:2015-09898

fstec
почти 11 лет назад

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 82%
0.01674
Низкий

6.8 Medium

CVSS2