Integer Signedness Error in Mozilla Firefox OS Graphics Buffer Management
CVE-2015-5962

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Os
Vendor: CVE Published:; 8 August 2015

What is CVE-2015-5962?

An integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the graphics layer's buffer-management implementation in Mozilla Firefox OS prior to version 2.2 can be exploited by attackers. By sending a negative size parameter, an attacker may induce memory corruption, potentially leading to a denial of service condition. This vulnerability highlights the importance of robust parameter validation in software development.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1145389

x_refsource_CONFIRM

http://www.securityfocus.com/bid/76253

vdb-entryx_refsource_BID

http://www.mozilla.org/security/announce/2015/mfsa2015-77...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2015
Vulnerability Reserved
Aug 7, 2015