CVE-2015-7178Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-805Buffer Access with Incorrect Length Value4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 24
Latest updateMay 17

Description

The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/firefox40.0.3+7

🔴Vulnerability Details

1
GHSA
GHSA-9xjq-84qp-q8wh: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 412022-05-17

📋Vendor Advisories

1
Red Hat
Mozilla: Memory safety errors in libGLES in the ANGLE graphics library (MFSA 2015-113)2015-09-22

💬Community

1
Bugzilla
CVE-2015-7178 CVE-2015-7179 Mozilla: Memory safety errors in libGLES in the ANGLE graphics library (MFSA 2015-113)2015-09-22