PT-2015-2629 · Mozilla+6 · Firefox+8

Ryan Sleevi

·

Publicado

2015-11-03

·

Atualizado

2024-10-22

·

CVE-2015-7183

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services versions prior to 3.19.2.1 Mozilla Network Security Services versions 3.20.x prior to 3.20.1 Firefox versions prior to 42.0 Firefox ESR 38.x versions prior to 38.4
Description The issue is related to an integer overflow in the PL ARENA ALLOCATE implementation, which can cause a buffer overflow. This can allow a remote attacker to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash.
Recommendations For Mozilla Network Security Services versions prior to 3.19.2.1, update to version 3.19.2.1 or later. For Mozilla Network Security Services versions 3.20.x prior to 3.20.1, update to version 3.20.1 or later. For Firefox versions prior to 42.0, update to version 42.0 or later. For Firefox ESR 38.x versions prior to 38.4, update to version 38.4 or later.

Exploit

Correção

DoS

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-189

Identificadores relacionados

ALT-PU-2015-1973
ALT-PU-2015-1974
ALT-PU-2016-1454
BDU:2015-11994
CESA-2015_1981
CVE-2015-7183
DLA-344-1
DSA-3393-1
DSA-3406-1
MGASA-2015-0427
OPENSUSE-SU-2015_1942-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10297-1
RHSA-2015:1980
RHSA-2015:1981
RHSA-2015:2068
RHSA-2015_1980
RHSA-2015_1981
SUSE-SU-2015:1926-1
SUSE-SU-2015:1978-1
SUSE-SU-2015:1981-1
USN-2785-1
USN-2790-1
USN-2819-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Network Security Services
Red Hat
Suse
Ubuntu
Virtualbox