Memory Corruption Vulnerability in Mozilla Firefox and SeaMonkey Products
CVE-2015-0817

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Seamonkey; Firefox
Vendor: CVE Published:; 24 March 2015

Summary

A memory corruption vulnerability exists in Mozilla Firefox and SeaMonkey due to an improper asm.js implementation that fails to accurately assess when bounds checking can be safely bypassed during JIT compilation and heap access. This flaw can be exploited by remote attackers to conduct read or write operations on unintended memory locations, potentially leading to arbitrary code execution via specially crafted JavaScript.

References

http://www.securitytracker.com/id/1031958

vdb-entryx_refsource_SECTRACK

http://www.mozilla.org/security/announce/2015/mfsa2015-29...

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1145255

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 24, 2015
Vulnerability Reserved
Jan 7, 2015