Arbitrary Code Execution Vulnerability in Mozilla Firefox and Firefox ESR
CVE-2015-4486

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Opensuse
Vendor: CVE Published:; 16 August 2015

Summary

A vulnerability exists in the libvpx component of Mozilla Firefox and Firefox ESR, allowing attackers to potentially execute arbitrary code or cause a denial of service due to an out-of-bounds read. This issue arises when the application processes malformed WebM video files, which can interfere with the normal functioning of the browser and endanger system security. Users should update their web browsers to the latest versions to protect against this threat.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-updates/2015-08/msg000...

vendor-advisoryx_refsource_SUSE

http://www.ubuntu.com/usn/USN-2702-3

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Aug 16, 2015
Vulnerability Reserved
Jun 10, 2015