CVE-2015-7178
Firefox < 41.0 - Remote Code Execution via Shader Access Mishandling
Title source: llmDescription
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.
References (8)
Core 8
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2015/mfsa2015-113.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1189860
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033640
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76816
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
Scores
EPSS
0.0174
EPSS Percentile
82.7%
Details
CWE
CWE-119
Status
published
Products (8)
mozilla/firefox
38.0
mozilla/firefox
38.0.1
mozilla/firefox
38.0.5
mozilla/firefox
38.1.0
mozilla/firefox
38.1.1
mozilla/firefox
38.2.0
mozilla/firefox
38.2.1
mozilla/firefox
< 40.0.3
Published
Sep 24, 2015
Tracked Since
Feb 18, 2026