PT-2015-1760 · Mozilla+3 · Firefox+3

Skylined

Published

2015-08-11

Updated

2024-12-12

CVE-2015-4477

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 40.0

Description The issue is related to a use-after-free vulnerability in the MediaStream playback feature. This vulnerability allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 40.0, update to version 40.0 or later to resolve the issue. As a temporary workaround, consider disabling the MediaStream playback feature until a patch is available. Restrict access to the Web Audio API to minimize the risk of exploitation. Avoid using the Web Audio API in affected versions until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2015-1704

ALT-PU-2016-1454

BDU:2015-11106

CVE-2015-4477

MGASA-2015-0414

MGASA-2016-0105

OPENSUSE-SU-2015_1389-1

OPENSUSE-SU-2015_1390-1

OPENSUSE-SU-2016_0876-1

OPENSUSE-SU-2016_0894-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

USN-2702-1

USN-2702-2

USN-2702-3

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2015-1760 · Mozilla+3 · Firefox+3

CVE-2015-4477

Weakness Enumeration

Related Identifiers

Affected Products

References · 2497