CVE-2015-7178

HIGH

Description

The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.

References

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

http://www.mozilla.org/security/announce/2015/mfsa2015-113.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/76816

http://www.securitytracker.com/id/1033640

https://bugzilla.mozilla.org/show_bug.cgi?id=1189860

Details

Source: MITRE

Published: 2015-09-24

Updated: 2016-12-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
86282openSUSE Security Update : seamonkey (openSUSE-2015-632)NessusSuSE Local Security Checks
high
86281openSUSE Security Update : MozillaThunderbird (openSUSE-2015-631)NessusSuSE Local Security Checks
high
86238openSUSE Security Update : MozillaFirefox (openSUSE-2015-619)NessusSuSE Local Security Checks
high
8948Mozilla Firefox < 41.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
86079FreeBSD : mozilla -- multiple vulnerabilities (2d56c7f4-b354-428f-8f48-38150c607a05)NessusFreeBSD Local Security Checks
high
86071Firefox < 41 Multiple VulnerabilitiesNessusWindows
high
86070Firefox ESR < 38.3 Multiple VulnerabilitiesNessusWindows
high