PT-2015-1009 · Mozilla+5 · Firefox Esr+7

Ilxu1A · Published 2015-03-20 · Updated 2024-12-12 · CVE-2015-0817

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 36.0.3
Mozilla Firefox ESR versions prior to 31.5.2
SeaMonkey versions prior to 2.33.1

Description

The issue is related to the asm.js implementation, which does not properly determine cases where bounds checking can be safely skipped during JIT compilation and heap access. This allows remote attackers to read or write to unintended memory locations and execute arbitrary code via crafted JavaScript.

Recommendations

For Mozilla Firefox versions prior to 36.0.3, update to version 36.0.3 or later.
For Mozilla Firefox ESR versions prior to 31.5.2, update to version 31.5.2 or later.
For SeaMonkey versions prior to 2.33.1, update to version 2.33.1 or later.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1301
ALT-PU-2015-1321
ALT-PU-2015-1464
BDU:2015-09815
BDU:2015-09816
BDU:2015-09817
CESA-2015_0718
CVE-2015-0817
DSA-3201-1
MGASA-2015-0115
MGASA-2015-0126
OPENSUSE-SU-2015_0607-1
OPENSUSE-SU-2015_0636-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:0718
RHSA-2015_0718
SUSE-SU-2015:0630-1
SUSE-SU-2015_0593-1
SUSE-SU-2015_0593-2
SUSE-SU-2015_0630-1
USN-2538-1
ZDI-15-109

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Seamonkey
Suse
Ubuntu