CVE-2015-0808

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

http://www.mozilla.org/security/announce/2015/mfsa2015-36.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1031996

http://www.ubuntu.com/usn/USN-2550-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1109552

https://security.gentoo.org/glsa/201512-10

Details

Source: MITRE

Published: 2015-04-01

Updated: 2018-10-30

Type: CWE-17

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
701254Mozilla Firefox ESR < 31.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
87710GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)NessusGentoo Local Security Checks
critical
8742Mozilla Firefox < 37.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
82651openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290)NessusSuSE Local Security Checks
high
82524Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2550-1)NessusUbuntu Local Security Checks
high
82503Firefox < 37.0 Multiple VulnerabilitiesNessusWindows
high
82500Firefox < 37.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
82482FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)NessusFreeBSD Local Security Checks
high