Use-After-Free Vulnerability in Mozilla Firefox Web Audio API
CVE-2015-4477

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Opensuse
Vendor: CVE Published:; 16 August 2015

Summary

A use-after-free vulnerability exists in the MediaStream playback feature of Mozilla Firefox versions prior to 40.0. This weakness can be exploited by remote attackers to execute arbitrary code by making specific but unspecified calls to the Web Audio API. If successfully executed, such an exploit could lead to unauthorized access and manipulation of system functions, potentially allowing attackers to take control of affected devices. Users are advised to update their Firefox browsers to the latest versions to mitigate this risk.

References

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

http://www.mozilla.org/security/announce/2015/mfsa2015-81...

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2702-3

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Aug 16, 2015
Vulnerability Reserved
Jun 10, 2015