CVE-2015-4503
openSUSE Security Advisory - openSUSE-SU-2024:14572-1
Descriptions
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.
These are all security issues fixed in the firefox-esr-128.5.1-1.1 package on the GA media of openSUSE Tumbleweed.
SSVC
- Decision: -
Timeline
- 2015-06-10 CVE Reserved
- 2015-09-24 CVE Published
- 2024-08-06 CVE Updated
- 2025-06-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (7)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/76815 | Vdb Entry | |
http://www.securitytracker.com/id/1033640 | Vdb Entry | |
https://bugzilla.mozilla.org/show_bug.cgi?id=994337 | X_refsource_confirm | |