PT-2015-1760 · Mozilla+3 · Firefox+3

Skylined

Publicado

2015-08-11

Atualizado

2024-12-12

CVE-2015-4477

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 40.0

Description The issue is related to a use-after-free vulnerability in the MediaStream playback feature. This vulnerability allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 40.0, update to version 40.0 or later to resolve the issue. As a temporary workaround, consider disabling the MediaStream playback feature until a patch is available. Restrict access to the Web Audio API to minimize the risk of exploitation. Avoid using the Web Audio API in affected versions until the issue is resolved.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2015-1704

ALT-PU-2016-1454

BDU:2015-11106

CVE-2015-4477

MGASA-2015-0414

MGASA-2016-0105

OPENSUSE-SU-2015_1389-1

OPENSUSE-SU-2015_1390-1

OPENSUSE-SU-2016_0876-1

OPENSUSE-SU-2016_0894-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

USN-2702-1

USN-2702-2

USN-2702-3

Produtos afetados

Alt Linux

Firefox

Suse

Ubuntu

PT-2015-1760 · Mozilla+3 · Firefox+3

CVE-2015-4477

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2497