CVE-2015-2729Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read9 documents7 sources
Severity
5.0MEDIUMNVD
OSV4.3
EPSS
0.4%
top 38.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla ThunderbirdMozilla Firefox ESR+1 more
Timeline
PublishedJul 6
Latest updateMay 17

Description

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1
NVDmozilla/firefox38.1.0+8
NVDmozilla/firefox_esr7 versions+6
NVDoracle/solaris11.3

🔴Vulnerability Details

4
GHSA
GHSA-p3v9-93rx-rg76: The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 392022-05-17
OSV
firefox vulnerabilities2015-07-09
CVEList
CVE-2015-2729: The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 392015-07-06
OSV
CVE-2015-2729: The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 392015-07-05

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2015-07-15
Ubuntu
Firefox vulnerabilities2015-07-09
Red Hat
Mozilla: Out-of-bound read while computing an oscillator rendering range in Web Audio (MFSA 2015-62)2015-07-02

💬Community

1
Bugzilla
CVE-2015-2729 Mozilla: Out-of-bound read while computing an oscillator rendering range in Web Audio (MFSA 2015-62)2015-06-30
CVE-2015-2729 — Mozilla Firefox vulnerability | cvebase