CVE-2015-0817

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Seamonkey; Firefox
Vendor: CVE Published:; 24 March 2015

Summary

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

References

http://www.securitytracker.com/id/1031958

vdb-entryx_refsource_SECTRACK

http://www.mozilla.org/security/announce/2015/mfsa2015-29...

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1145255

x_refsource_CONFIRM

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 24, 2015
Vulnerability Reserved
Jan 7, 2015