CVE-2015-0817
Summary
| CVE | CVE-2015-0817 |
|---|---|
| State | PUBLISHED |
| Assigner | mozilla |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-24 00:59:05 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | 31.0 | All | All | All |
| Application | Mozilla | Firefox | 31.1.0 | All | All | All |
| Application | Mozilla | Firefox | 31.1.1 | All | All | All |
| Application | Mozilla | Firefox | 31.3.0 | All | All | All |
| Application | Mozilla | Firefox | 31.5.1 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | 31.1 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.2 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.3 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.4 | All | All | All |
| Application | Mozilla | Firefox Esr | 31.5 | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Oracle Solaris Third Party Bulletin - April 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| openSUSE-SU-2015:0636-1: important: Security update for seamonkey | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Code execution through incorrect JavaScript bounds checking elimination — Mozilla | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Vendor Advisory |
| [security-announce] SUSE-SU-2015:0593-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| [security-announce] SUSE-SU-2015:0630-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2015:0567-1: important: update to Firefo | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Access Denied | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | |
| Debian -- Security Information -- DSA-3201-1 iceweasel | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Mozilla Firefox Heap Overflow in JIT Implementation Lets Remote Users Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| USN-2538-1: Firefox vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Mozilla Firefox/SeaMonkey CVE-2015-0817 Out of Bounds Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.