Integer Overflow Vulnerability in Mozilla Firefox and Firefox ESR
CVE-2015-4480

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Opensuse
Vendor: CVE Published:; 16 August 2015

Summary

The vulnerability manifests as an integer overflow in the stagefright::SampleTable::isValid function within libstagefright of Mozilla Firefox. This flaw allows remote attackers to execute arbitrary code by exploiting specially crafted MPEG-4 video files encoded with H.264. This presents serious security risks, especially when users are tricked into processing malicious video content.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1144107

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-updates/2015-08/msg000...

vendor-advisoryx_refsource_SUSE

http://www.ubuntu.com/usn/USN-2702-3

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Aug 16, 2015
Vulnerability Reserved
Jun 10, 2015