CVE-2015-4503
Firefox < 40.0.3 - Information Disclosure via TCP Socket API
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.
References (7)
Core References
Mailing List, vendor-advisory, x_refsource_suse: http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
Vendor Advisory, x_refsource_confirm: http://www.mozilla.org/security/announce/2015/mfsa2015-97.html
Vendor Advisory, x_refsource_confirm: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory, VDB Entry, vdb-entry, x_refsource_bid: http://www.securityfocus.com/bid/76815
Third Party Advisory, VDB Entry, vdb-entry, x_refsource_sectrack: http://www.securitytracker.com/id/1033640
Issue Tracking, x_refsource_confirm: https://bugzilla.mozilla.org/show_bug.cgi?id=994337
Mailing List, vendor-advisory, x_refsource_suse: http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
Scores
EPSS: 0.0057
EPSS Percentile: 69.0%
Details
CWE: CWE-200
Status: published
Products (1): mozilla/firefox < 40.0.3
Published: Sep 24, 2015
Tracked Since: Feb 18, 2026