Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4503

Опубликовано: 22 сент. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1265591Mozilla: Memory leak in mozTCPSocket to servers (MFSA 2015-97)

EPSS

Процентиль: 69%
0.00629
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4503

ubuntu
почти 10 лет назад

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

nvd логотип

CVE-2015-4503

nvd
почти 10 лет назад

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

debian логотип

CVE-2015-4503

debian
почти 10 лет назад

The TCP Socket API implementation in Mozilla Firefox before 41.0 misha ...

github логотип

GHSA-wxv2-7x8x-wpcq

github
около 3 лет назад

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

fstec логотип

BDU:2015-11511

fstec
почти 10 лет назад

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к защищаемой информации из памяти процесса

EPSS

Процентиль: 69%
0.00629
Низкий

4.3 Medium

CVSS2