CVE-2015-0817

EUVD-2015-0830
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 36.0.1
mozillafirefox
31.0
mozillafirefox
31.1.0
mozillafirefox
31.1.1
mozillafirefox
31.3.0
mozillafirefox
31.5.1
mozillafirefox_esr
31.1
mozillafirefox_esr
31.2
mozillafirefox_esr
31.3
mozillafirefox_esr
31.4
mozillafirefox_esr
31.5
mozillaseamonkey
𝑥
≤ 2.33.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
Fixed 36.0.4+build1-0ubuntu0.12.04.1
released
trusty
Fixed 36.0.4+build1-0ubuntu0.14.04.1
released
utopic
Fixed 36.0.4+build1-0ubuntu0.14.10.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
http://rhn.redhat.com/errata/RHSA-2015-0718.html
http://www.debian.org/security/2015/dsa-3201
http://www.mozilla.org/security/announce/2015/mfsa2015-29.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/73263
http://www.securitytracker.com/id/1031958
http://www.ubuntu.com/usn/USN-2538-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
http://rhn.redhat.com/errata/RHSA-2015-0718.html
http://www.debian.org/security/2015/dsa-3201
http://www.mozilla.org/security/announce/2015/mfsa2015-29.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/73263
http://www.securitytracker.com/id/1031958
http://www.ubuntu.com/usn/USN-2538-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
https://security.gentoo.org/glsa/201504-01