CVE-2015-0808 — Out-of-bounds Read in Mozilla Firefox

CWE-17 CWE-125 — Out-of-bounds Read CWE-639 — Authorization Bypass Through User-Controlled Key8 documents7 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.7%

top 27.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ec-cube Mozilla Firefox Canonical Ubuntu Linux +1 more

Timeline

PublishedApr 1

Latest updateMay 17

Description

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 37.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox36.0.4

▶Packagistec-cube/ec-cube2.11.0 — 2.12.2

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

EC-CUBE vulnerable to authorization bypass↗2022-05-17

▶

GHSA

GHSA-h99c-p2f8-8fhw: The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37↗2022-05-14

▶

OSV

CVE-2015-0808: The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37↗2015-04-01

▶

OSV

firefox vulnerabilities↗2015-04-01

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-04-01

▶

Red Hat

Mozilla: Incorrect memory management for simple-type arrays in WebRTC (MFSA 2015-36)↗2015-03-31

▶

💬Community

Bugzilla

CVE-2015-0808 Mozilla: Incorrect memory management for simple-type arrays in WebRTC (MFSA 2015-36)↗2015-03-30

▶