CVE-2015-0817

Mozilla Firefox <36.0.3 - Memory Corruption

Title source: llm
STIX 2.1

Description

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

References (13)

Core 13
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73263
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3201
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0718.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031958
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2538-1

Scores

EPSS 0.0181
EPSS Percentile 83.1%

Details

CWE
CWE-17
Status published
Products (12)
mozilla/firefox 31.0
mozilla/firefox 31.1.0
mozilla/firefox 31.1.1
mozilla/firefox 31.3.0
mozilla/firefox 31.5.1
mozilla/firefox < 36.0.1
mozilla/firefox_esr 31.1
mozilla/firefox_esr 31.2
mozilla/firefox_esr 31.3
mozilla/firefox_esr 31.4
... and 2 more
Published Mar 24, 2015
Tracked Since Feb 18, 2026