CVE-2015-0813

medium

Description

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://rhn.redhat.com/errata/RHSA-2015-0766.html

http://rhn.redhat.com/errata/RHSA-2015-0771.html

http://www.debian.org/security/2015/dsa-3211

http://www.debian.org/security/2015/dsa-3212

http://www.mozilla.org/security/announce/2015/mfsa2015-31.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.securityfocus.com/bid/73463

http://www.securitytracker.com/id/1031996

http://www.securitytracker.com/id/1032000

http://www.ubuntu.com/usn/USN-2550-1

http://www.ubuntu.com/usn/USN-2552-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1106596

https://security.gentoo.org/glsa/201512-10

Details

Source: MITRE

Published: 2015-04-01

Updated: 2017-01-03

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 701254 | Mozilla Firefox ESR < 31.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 87710 | GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam) | Nessus | Gentoo Local Security Checks | critical |
| 8745 | Mozilla Thunderbird < 31.6 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 8742 | Mozilla Firefox < 37.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 82739 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10571) | Nessus | SuSE Local Security Checks | high |
| 82651 | openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290) | Nessus | SuSE Local Security Checks | high |
| 82565 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : thunderbird vulnerabilities (USN-2552-1) | Nessus | Ubuntu Local Security Checks | high |
| 82538 | Debian DSA-3212-1 : icedove - security update | Nessus | Debian Local Security Checks | high |
| 82524 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2550-1) | Nessus | Ubuntu Local Security Checks | high |
| 82522 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401) | Nessus | Scientific Linux Local Security Checks | high |
| 82520 | Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401) | Nessus | Scientific Linux Local Security Checks | high |
| 82519 | RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:0771) | Nessus | Red Hat Local Security Checks | high |
| 82517 | Oracle Linux 6 / 7 : thunderbird (ELSA-2015-0771) | Nessus | Oracle Linux Local Security Checks | high |
| 82512 | Debian DSA-3211-1 : iceweasel - security update | Nessus | Debian Local Security Checks | high |
| 82510 | CentOS 5 / 7 : thunderbird (CESA-2015:0771) | Nessus | CentOS Local Security Checks | high |
| 82495 | RHEL 5 / 6 / 7 : firefox (RHSA-2015:0766) | Nessus | Red Hat Local Security Checks | high |
| 82488 | Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0766) | Nessus | Oracle Linux Local Security Checks | high |
| 82482 | FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8) | Nessus | FreeBSD Local Security Checks | high |
| 82477 | CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2015:0766) | Nessus | CentOS Local Security Checks | high |