CVE-2015-0817
Summary
| CVE | CVE-2015-0817 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-24 00:59:00 UTC |
| Updated | 2017-01-03 02:59:00 UTC |
| Description | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. |
Risk And Classification
Problem Types: CWE-17
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | 31.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.1 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.1.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.1.1 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.2 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.3 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.3.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.4 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.5 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.5.1 | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| openSUSE-SU-2015:0636-1: important: Security update for seamonkey | SUSE | lists.opensuse.org | |
| Gentoo Security | GENTOO | security.gentoo.org | |
| USN-2538-1: Firefox vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Debian -- Security Information -- DSA-3201-1 iceweasel | DEBIAN | www.debian.org | |
| Mozilla Firefox/SeaMonkey CVE-2015-0817 Out of Bounds Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| Mozilla Firefox Heap Overflow in JIT Implementation Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Code execution through incorrect JavaScript bounds checking elimination — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| [security-announce] openSUSE-SU-2015:0567-1: important: update to Firefo | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2015:0630-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2015:0593-1: important: Security update for | SUSE | lists.opensuse.org | |
| Oracle Solaris Third Party Bulletin - April 2015 | CONFIRM | www.oracle.com | |
| Access Denied | CONFIRM | bugzilla.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.