CVE-2015-0813

Firefox < 37.0 and ESR 31.x < 31.6 - Use-After-Free via MP3 File Handling with Fluendo GStreamer Plugin

Title source: llm

Description

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

References (17)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73463
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3212
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032000
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1106596
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3211
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0766.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0771.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031996
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2552-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2550-1

Scores

EPSS 0.0284
EPSS Percentile 86.4%

Details

Status published
Products (2)
mozilla/firefox < 31.5.3
mozilla/thunderbird < 31.5
Published Apr 01, 2015
Tracked Since Feb 18, 2026