Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0817

Опубликовано: 21 мар. 2015
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

Отчет

This issue does not affect the version of thunderbird package as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 5firefoxFixedRHSA-2015:071824.03.2015
Red Hat Enterprise Linux 6firefoxFixedRHSA-2015:071824.03.2015
Red Hat Enterprise Linux 7firefoxFixedRHSA-2015:071824.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1204362Mozilla: Code execution through incorrect JavaScript bounds checking elimination (MFSA 2015-29)

EPSS

Процентиль: 88%
0.03906
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0817

ubuntu
больше 10 лет назад

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

nvd логотип

CVE-2015-0817

nvd
больше 10 лет назад

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

debian логотип

CVE-2015-0817

debian
больше 10 лет назад

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ES ...

github логотип

GHSA-4rw7-7wpq-7g64

github
больше 3 лет назад

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

fstec логотип

BDU:2015-09817

fstec
больше 10 лет назад

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 88%
0.03906
Низкий

6.8 Medium

CVSS2