CVE-2015-4475 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read12 documents7 sources

Severity

7.5HIGHNVD

OSV10.0

EPSS

1.2%

top 20.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Opensuse

Timeline

PublishedAug 16

Latest updateJul 31

Description

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Ubuntumozilla/firefox< 40.0+build4-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox39.0.3+4

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-qrvx-fg3g-ff4r: The mozilla::AudioSink function in Mozilla Firefox before 40↗2022-05-14

▶

OSV

firefox regression↗2015-08-20

▶

OSV

CVE-2015-4475: The mozilla::AudioSink function in Mozilla Firefox before 40↗2015-08-11

▶

OSV

firefox vulnerabilities↗2015-08-11

▶

OSV

ubufox update↗2015-08-11

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2015-08-20

▶

Ubuntu

Firefox vulnerabilities↗2015-08-11

▶

Red Hat

Mozilla: Out-of-bounds read with malformed MP3 file (MFSA 2015-80)↗2015-08-11

▶

Ubuntu

Ubufox update↗2015-08-11

▶

📄Research Papers

arXiv

Microservice Vulnerability Analysis: A Literature Review with Empirical Insights↗2024-07-31

▶

💬Community

Bugzilla

CVE-2015-4475 Mozilla: Out-of-bounds read with malformed MP3 file (MFSA 2015-80)↗2015-08-11

▶