PT-2015-1009 · Mozilla+5 · Firefox Esr+7

Ilxu1A

Publicado

2015-03-20

Atualizado

2024-12-12

CVE-2015-0817

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 36.0.3 Mozilla Firefox ESR versions prior to 31.5.2 SeaMonkey versions prior to 2.33.1

Description The issue is related to the asm.js implementation, which does not properly determine cases where bounds checking can be safely skipped during JIT compilation and heap access. This allows remote attackers to read or write to unintended memory locations and execute arbitrary code via crafted JavaScript.

Recommendations For Mozilla Firefox versions prior to 36.0.3, update to version 36.0.3 or later. For Mozilla Firefox ESR versions prior to 31.5.2, update to version 31.5.2 or later. For SeaMonkey versions prior to 2.33.1, update to version 2.33.1 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17CWE-20

Identificadores relacionados

ALT-PU-2015-1301

ALT-PU-2015-1321

ALT-PU-2015-1464

BDU:2015-09815

BDU:2015-09816

BDU:2015-09817

CESA-2015_0718

CVE-2015-0817

DSA-3201-1

MGASA-2015-0115

MGASA-2015-0126

OPENSUSE-SU-2015_0607-1

OPENSUSE-SU-2015_0636-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

RHSA-2015:0718

RHSA-2015_0718

SUSE-SU-2015:0630-1

SUSE-SU-2015_0593-1

SUSE-SU-2015_0593-2

SUSE-SU-2015_0630-1

USN-2538-1

ZDI-15-109

Produtos afetados

Alt Linux

Centos

Firefox

Firefox Esr

Red Hat

Seamonkey

Suse

Ubuntu

PT-2015-1009 · Mozilla+5 · Firefox Esr+7

CVE-2015-0817

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2256