CVE-2015-0830 — Mozilla Firefox vulnerability

CWE-3999 documents6 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

0.9%

top 23.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Opensuse

Timeline

PublishedFeb 25

Latest updateMay 14

Description

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Ubuntumozilla/firefox< 36.0+build2-0ubuntu0.14.04.4+1

▶NVDmozilla/firefox35.0.1+214

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-mjjx-mm3w-x2f2: The WebGL implementation in Mozilla Firefox before 36↗2022-05-14

▶

OSV

firefox regression↗2015-03-09

▶

OSV

CVE-2015-0830: The WebGL implementation in Mozilla Firefox before 36↗2015-02-25

▶

OSV

firefox vulnerabilities↗2015-02-25

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2015-03-09

▶

Ubuntu

Firefox vulnerabilities↗2015-02-25

▶

Red Hat

Mozilla: Malicious WebGL content crash when writing strings (MFSA 2015-14)↗2015-02-24

▶

💬Community

Bugzilla

CVE-2015-0830 Mozilla: Malicious WebGL content crash when writing strings (MFSA 2015-14)↗2015-02-24

▶