Type Confusion Vulnerability in Mozilla Firefox's IndexedDB Implementation
CVE-2015-2728

Currently unrated

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Server; Suse Linux Enterprise Desktop
Vendor: CVE Published:; 6 July 2015

Summary

A vulnerability exists within the IndexedDatabaseManager class of Mozilla Firefox's IndexedDB implementation, where an IDBDatabase field is misinterpreted as a pointer. This flaw enables remote attackers to execute arbitrary code or trigger significant application instability, such as memory corruption and crashes. The issue affects several versions of Firefox and its Extended Support Release (ESR) variants, posing a risk through unspecified vectors that exploit this type confusion, leading to severe security implications for users.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://bugzilla.mozilla.org/show_bug.cgi?id=1142210

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Jul 6, 2015
Vulnerability Reserved
Mar 25, 2015