CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
http://www.mozilla.org/security/announce/2015/mfsa2015-29.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
http://rhn.redhat.com/errata/RHSA-2015-0718.html
http://www.debian.org/security/2015/dsa-3201
http://www.ubuntu.com/usn/USN-2538-1
http://www.securitytracker.com/id/1031958
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://security.gentoo.org/glsa/201504-01
http://www.securityfocus.com/bid/73263

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::*
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*

Information

Published : 2015-03-23 17:59

Updated : 2017-01-02 18:59

NVD link : CVE-2015-0817

Mitre link : CVE-2015-0817

JSON object : View

CWE

CWE-17

DEPRECATED: Code

Advertisement

Products Affected

mozilla

firefox
firefox_esr
seamonkey

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1145255", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1145255", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-29.html", "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-29.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html", "name": "openSUSE-SU-2015:0567", "tags": [], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0718.html", "name": "RHSA-2015:0718", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2015/dsa-3201", "name": "DSA-3201", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/USN-2538-1", "name": "USN-2538-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securitytracker.com/id/1031958", "name": "1031958", "tags": [], "refsource": "SECTRACK"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "name": "SUSE-SU-2015:0593", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "name": "SUSE-SU-2015:0630", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html", "name": "openSUSE-SU-2015:0636", "tags": [], "refsource": "SUSE"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "tags": [], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/201504-01", "name": "GLSA-201504-01", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.securityfocus.com/bid/73263", "name": "73263", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-17"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0817", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-24T00:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.33.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "36.0.1"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-01-03T02:59Z"}