Memory Corruption Vulnerability in Mozilla Firefox and Firefox OS
CVE-2015-4487

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Firefox; Firefox Os
Vendor: CVE Published:; 16 August 2015

What is CVE-2015-4487?

A vulnerability in the nsTSubstring::ReplacePrep function of Mozilla Firefox prior to version 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 may allow remote attackers to exploit memory corruption. This could lead to a denial of service or potentially more severe impacts through unknown vectors, primarily associated with an overflow condition. It is crucial for users to be aware of this vulnerability and update to the latest versions to mitigate risks.

References

http://www.debian.org/security/2015/dsa-3410

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://www.ubuntu.com/usn/USN-2712-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Aug 16, 2015
Vulnerability Reserved
Jun 10, 2015