CVE-2015-4482Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 74.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxOpensuseOracle Solaris
Timeline
PublishedAug 16
Latest updateMay 14

Description

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

NVDmozilla/firefox39.0.3+4
NVDoracle/solaris11.3
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

2
GHSA
GHSA-qxmp-rwpq-4m3m: mar_read2022-05-14
CVEList
CVE-2015-4482: mar_read2015-08-16
CVE-2015-4482 — Mozilla Firefox vulnerability | cvebase