CVE-2015-2729

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
mozillafirefox
31.0
mozillafirefox
31.1.0
mozillafirefox
31.1.1
mozillafirefox
31.3.0
mozillafirefox
31.5.1
mozillafirefox
31.5.2
mozillafirefox
31.5.3
mozillafirefox
38.0
mozillafirefox_esr
31.1
mozillafirefox_esr
31.2
mozillafirefox_esr
31.3
mozillafirefox_esr
31.4
mozillafirefox_esr
31.5
mozillafirefox_esr
31.6.0
mozillafirefox_esr
31.7.0
mozillathunderbird
𝑥
≤ 38.0.1
mozillafirefox
𝑥
≤ 38.1.0
oraclesolaris
11.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
vivid
Fixed 39.0+build5-0ubuntu0.15.04.1
released
utopic
Fixed 39.0+build5-0ubuntu0.14.10.1
released
trusty
Fixed 39.0+build5-0ubuntu0.14.04.1
released
precise
Fixed 39.0+build5-0ubuntu0.12.04.2
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://www.mozilla.org/security/announce/2015/mfsa2015-62.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1122218
https://security.gentoo.org/glsa/201512-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://www.mozilla.org/security/announce/2015/mfsa2015-62.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1122218
https://security.gentoo.org/glsa/201512-10