CVE-2015-4503Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 24
Latest updateMay 17

Description

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox40.0.3

🔴Vulnerability Details

1
GHSA
GHSA-wxv2-7x8x-wpcq: The TCP Socket API implementation in Mozilla Firefox before 412022-05-17

📋Vendor Advisories

1
Red Hat
Mozilla: Memory leak in mozTCPSocket to servers (MFSA 2015-97)2015-09-22

💬Community

2
Bugzilla
[SECURITY] XSS in dependency graphs when displaying the bug summary2015-11-04
Bugzilla
CVE-2015-4503 Mozilla: Memory leak in mozTCPSocket to servers (MFSA 2015-97)2015-09-23