Lucene search

K

MozillaCVELIST:CVE-2015-4503

HistorySep 24, 2015 - 1:00 a.m.

CVE-2015-4503

2015-09-2401:00:00

mozilla

www.cve.org

5

AI Score

5.8

Confidence

Low

EPSS

0.003

Percentile

71.8%

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

References

lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

www.mozilla.org/security/announce/2015/mfsa2015-97.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/76815

www.securitytracker.com/id/1033640

bugzilla.mozilla.org/show_bug.cgi?id=994337

AI Score

5.8

Confidence

Low

EPSS

0.003

Percentile

71.8%

Related for CVELIST:CVE-2015-4503

ubuntucve1 prion1 openvas5 mozilla1 cve1 nvd1 nessus4 suse2 kaspersky2 freebsd1 securityvulns1