CVE-2015-4517Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-250Execution with Unnecessary Privileges16 documents7 sources
Severity
7.5HIGHNVD
EPSS
3.2%
top 12.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedSep 24
Latest updateMay 17

Description

NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

Ubuntumozilla/firefox< 41.0+build3-0ubuntu0.14.04.1+1
NVDmozilla/firefox40.0.3+7
Ubuntumozilla/thunderbird< 1:38.3.0+build1-0ubuntu0.14.04.1

🔴Vulnerability Details

7
GHSA
GHSA-cq2m-7793-8345: NetworkUtils2022-05-17
OSV
thunderbird vulnerabilities2015-10-05
OSV
firefox regression2015-10-05
OSV
unity-firefox-extension, webapps-greasemonkey, webaccounts-browser-extension update2015-09-24
OSV
ubufox update2015-09-22

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2015-10-05
Ubuntu
Firefox regression2015-10-05
Ubuntu
Unity Integration for Firefox, Unity Websites Integration and Ubuntu Online Accounts extension update2015-09-24
Red Hat
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)2015-09-22
Ubuntu
Ubufox update2015-09-22

📄Research Papers

1
arXiv
VulDeePecker: A Deep Learning-Based System for Vulnerability Detection2018-01-05

💬Community

1
Bugzilla
CVE-2015-4517 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)2015-09-23