Denial of Service Vulnerability in Mozilla Firefox Affected by Shared Memory Access
CVE-2015-4484

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Opensuse
Vendor: CVE Published:; 16 August 2015

Summary

The vulnerability resides in the JavaScript engine of Mozilla Firefox, specifically within the js::jit::AssemblerX86Shared::lock_addl function. Attackers can exploit this flaw to trigger a denial of service by manipulating shared memory. By accessing an Atomics object or a SharedArrayBuffer object, remote attackers may cause the application to crash, disrupting user activity and compromising system reliability. Immediate updates to the affected versions are recommended to mitigate risks.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://www.mozilla.org/security/announce/2015/mfsa2015-87...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-updates/2015-08/msg000...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Aug 16, 2015
Vulnerability Reserved
Jun 10, 2015