CVE-2015-4503

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 41.0

Description The issue is related to the TCP Socket API implementation in Mozilla Firefox, which mishandles array boundaries established with the navigator.mozTCPSocket.open method and send method calls. This allows remote TCP servers to obtain sensitive information from process memory by reading packet data. The vulnerability can be exploited by a remote attacker to access protected information.

Recommendations For versions prior to 41.0, update to version 41.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the navigator.mozTCPSocket.open method in Firefox OS applications until a patch is available. Avoid using the TCP Socket API in a way that could expose sensitive information.