CVE-2015-2712
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.
La implementación asm.js en Mozilla Firefox anterior a 38.0 no determina correctamente las longitudes de la memoria dinámica durante la identificación de casos en que la comprobación de límites puede saltarse con seguridad, lo que permite a atacantes remotos provocar operaciones de escritura fuera de rango y posiblemente obtener información sensible de la memoria de procesos a través de JavaScript manipulado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-03-25 CVE Reserved
- 2015-05-14 CVE Published
- 2024-04-20 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/74611 | Vdb Entry | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1152280 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html | 2018-10-30 | |
http://www.mozilla.org/security/announce/2015/mfsa2015-50.html | 2018-10-30 | |
http://www.ubuntu.com/usn/USN-2602-1 | 2018-10-30 | |
https://security.gentoo.org/glsa/201605-06 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 37.0.2 Search vendor "Mozilla" for product "Firefox" and version " <= 37.0.2" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
|