PT-2015-2165 · Mozilla+2 · Firefox+2
David Chan
+1
·
Publicado
2015-09-24
·
Atualizado
2024-12-12
·
CVE-2015-4503
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 41.0
Description
The issue is related to the TCP Socket API implementation in Mozilla Firefox, which mishandles array boundaries established with the
navigator.mozTCPSocket.open method and send method calls. This allows remote TCP servers to obtain sensitive information from process memory by reading packet data. The vulnerability can be exploited by a remote attacker to access protected information.Recommendations
For versions prior to 41.0, update to version 41.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
navigator.mozTCPSocket.open method in Firefox OS applications until a patch is available. Avoid using the TCP Socket API in a way that could expose sensitive information.Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Firefox
Suse