CVE-2015-7178

The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1189860
http://www.mozilla.org/security/announce/2015/mfsa2015-113.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76816
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
http://www.securitytracker.com/id/1033640

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox_esr:38.0.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.2.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.1.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.2.1:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Information

Published : 2015-09-23 21:59

Updated : 2016-12-21 19:00

NVD link : CVE-2015-7178

Mitre link : CVE-2015-7178

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

mozilla

firefox
firefox_esr

microsoft

windows

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1189860", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1189860", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html", "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/76816", "name": "76816", "tags": [], "refsource": "BID"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html", "name": "openSUSE-SU-2015:1681", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html", "name": "openSUSE-SU-2015:1658", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html", "name": "openSUSE-SU-2015:1679", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securitytracker.com/id/1033640", "name": "1033640", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-7178", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-09-24T04:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "40.0.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-22T03:00Z"}

7.5 /10