CVE-2015-7179

EUVD-2015-7111
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 40.0.3
mozillafirefox
38.0
mozillafirefox
38.0.1
mozillafirefox
38.0.5
mozillafirefox
38.1.0
mozillafirefox
38.1.1
mozillafirefox
38.2.0
mozillafirefox
38.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
precise
not-affected
trusty
dne
vivid
not-affected
thunderbird
precise
not-affected
trusty
dne
vivid
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://www.mozilla.org/security/announce/2015/mfsa2015-113.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76816
http://www.securitytracker.com/id/1033640
https://bugzilla.mozilla.org/show_bug.cgi?id=1190526
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://www.mozilla.org/security/announce/2015/mfsa2015-113.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76816
http://www.securitytracker.com/id/1033640
https://bugzilla.mozilla.org/show_bug.cgi?id=1190526