Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4D7388FD1B0BA03091504ED2BB538F1830FC63DB48227823340B637944B531B3
HistoryJun 17, 2018 - 10:30 p.m.

Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-1722:30:13
www.ibm.com
14

0.89 High

EPSS

Percentile

98.8%

JSON

Summary

Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance (CVE-2015-4495, CVE-2015-0797, and others).

Vulnerability Details

CVEID: CVE-2015-0797**
DESCRIPTION:** Mozilla Firefox and Thunderbird are vulnerable to a buffer overflow, caused by improper bounds checking by GStreamer. By persuading a victim to open a specially crafted H.264 video file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-4473**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105486 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4474**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105488 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4475**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read during playback of a malformed MP3 format audio file. By persuading a victim to specially crafted MP3 audio file, a remote attacker could exploit this vulnerability to read portions of system memory.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105491 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-4477**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error when processing audio. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using the Web Audio API during MediaStream playback to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4490**
DESCRIPTION:** Mozilla Firefox is vulnerable to cross-site scripting, caused by an error when processing of wildcard characters in the Content Security Policy in ‘blob:’, ‘data:’, and ‘filesystem:’ URLs. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105522 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2015-4478**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the redefinition of non-configurable properties on JavaScript objects when parsing JSON. An attacker could exploit this vulnerability to bypass same-origin policy restrictions and gain access to the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-4479**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the libstagefright library when processing MPEG4 video files. By persuading a victim to open a specially-crafted MPEG4 file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105573 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4480**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the libstagefright library when processing MPEG4 video files. By persuading a victim to open a specially-crafted MPEG4 file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105574 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4481**
DESCRIPTION:** Mozilla Firefox could allow a local attacker to gain elevated privileges on the system, caused by a hardlink race condition in the Mozilla Maintenance Service on Windows. By writing its log file to a restricted location with an arbitrary file name, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105572 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4482**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error when opening a malicious file. By persuading a victim to open a specially-crafted MAR file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105569 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4483**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions. By modifying a feed: protocol URL, an attacker could exploit this vulnerability using man-in-the-middle techniques to disable the mixed content blocker for that page and allow insecure content.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105568 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-4484**
DESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by the failure to properly gate access to Atomics or SharedArrayBuffer views. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105545 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-4485**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by resize_context_buffers. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105526 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4486**
DESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by an out of bounds read in decrease_ref_count. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105527 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4487**
DESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking by nsTSubstring::ReplacePrep. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105523 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4488**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within StyleAnimationValue::operator. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105524 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4489**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within nsTArray_Impl. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105525 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4491**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking bygdk-pixbuf affecting Linux systems using Gnome. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105544 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4492**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in XMLHttpRequest::Open() in a SharedWorker. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105521 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4493**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing an MPEG4 video with an invalid size in an ESDS chunk. By persuading a victim to open a specially-crafted MPEG4 file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105575 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.

Workarounds and Mitigations

None

Related

suse 7
nessus 37
openvas 47
ubuntu 4
archlinux 1
kaspersky 2
redhat 3
veracode 13
freebsd 2
centos 3
mageia 3
oraclelinux 3
debian 1
securityvulns 1
mozilla 11
ibm 2
ubuntucve 9
nvd 12
cve 12
prion 7
cvelist 10
zdt 2
zdi 1
cisa_kev 1
attackerkb 1
canvas 1
exploitpack 1
debiancve 1
checkpoint_advisories 1
suse
suse
Security update for MozillaFirefox (important)
2015-08-14 19:09:37
Security update for MozillaFirefox (important)
2015-08-14 19:10:03
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-10 17:10:07
nessus
nessus
openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)
2015-08-17 00:00:00
Ubuntu 14.04 LTS : Ubufox update (USN-2702-2)
2015-08-12 00:00:00
Mozilla Firefox < 40.0 Multiple Vulnerabilities
2015-09-09 00:00:00
openvas
openvas
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:1390-1)
2015-08-15 00:00:00
Mozilla Firefox Multiple Vulnerabilities (Aug 2015) - Mac OS X
2015-08-19 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:1389-1)
2015-09-18 00:00:00
ubuntu
ubuntu
Ubufox update
2015-08-11 00:00:00
Firefox regression
2015-08-20 00:00:00
Firefox vulnerabilities
2015-08-11 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-08-12 00:00:00
kaspersky
kaspersky
KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-08-11 00:00:00
KLA10642 Obtain sensitive information vulnerability in Mozilla Firefox and Firefox ESR
2015-08-06 00:00:00
redhat
redhat
(RHSA-2015:1586) Critical: firefox security update
2015-08-11 00:00:00
(RHSA-2015:1682) Important: thunderbird security update
2015-08-25 00:00:00
(RHSA-2015:1581) Important: firefox security update
2015-08-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:41:46
Use-after-free Vulnerability
2019-05-02 05:42:03
Arbitrary Code Execution
2019-05-02 05:41:48
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-08-11 00:00:00
libvpx -- multiple buffer overflows
2015-08-11 00:00:00
centos
centos
firefox security update
2015-08-11 20:36:44
thunderbird security update
2015-08-25 22:25:27
firefox security update
2015-08-08 08:45:36
mageia
mageia
Updated firefox packages fixes security vulnerabilities
2015-08-11 23:22:53
Updated thunderbird packages fix security vulnerabilities
2015-08-27 23:49:46
Updated firefox package fixes CVE-2015-4495
2015-08-07 22:20:18
oraclelinux
oraclelinux
firefox security update
2015-08-11 00:00:00
thunderbird security update
2015-08-25 00:00:00
firefox security update
2015-08-08 00:00:00
debian
debian
[SECURITY] [DSA 3333-1] iceweasel security update
2015-08-12 10:24:11
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey / Firefox OS multiple security vulnerabilities
2015-08-31 00:00:00
mozilla
mozilla
Vulnerabilities found through code inspection — Mozilla
2015-08-11 00:00:00
Overflow issues in libstagefright — Mozilla
2015-08-11 00:00:00
Buffer overflows on Libvpx when decoding WebM video — Mozilla
2015-08-11 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
2018-06-18 00:09:54
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:09:55
ubuntucve
ubuntucve
CVE-2015-4490
2015-08-11 00:00:00
CVE-2015-4481
2015-08-16 00:00:00
CVE-2015-4479
2015-08-11 00:00:00
nvd
nvd
CVE-2015-4481
2015-08-16 01:59:08
CVE-2015-4495
2015-08-08 00:59:04
CVE-2015-4482
2015-08-16 01:59:09
cve
cve
CVE-2015-4474
2015-08-16 01:59:02
CVE-2015-4478
2015-08-16 01:59:05
CVE-2015-4480
2015-08-16 01:59:07
prion
prion
Cross site scripting
2015-08-16 01:59:00
Integer overflow
2015-08-16 01:59:00
Race condition
2015-08-16 01:59:00
cvelist
cvelist
CVE-2015-4490
2015-08-16 01:00:00
CVE-2015-4480
2015-08-16 01:00:00
CVE-2015-4479
2015-08-16 01:00:00
zdt
zdt
Mozilla Maintenance Service Log File Overwrite Elevation of Privilege Exploit
2015-08-21 00:00:00
Firefox 39.03 - pdf.js Same Origin Policy Exploit
2015-08-15 00:00:00
zdi
zdi
Mozilla Firefox MPEG4 saio Chunk Integer Overflow Remote Code Execution Vulnerability
2015-10-05 00:00:00
cisa_kev
cisa_kev
Mozilla Firefox Security Feature Bypass Vulnerability
2022-05-25 00:00:00
attackerkb
attackerkb
CVE-2015-4495
2015-08-08 00:00:00
canvas
canvas
Immunity Canvas: FIREFOX_PDFJS_FILEREADER
2015-08-08 00:59:00
exploitpack
exploitpack
Mozilla Firefox 39.03 - pdf.js Same Origin Policy
2015-08-15 00:00:00
debiancve
debiancve
CVE-2015-4495
2015-08-08 00:59:04
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Same Origin Violation And Local File Access (2015-78; CVE-2015-4495)
2015-08-10 00:00:00

0.89 High

EPSS

Percentile

98.8%

JSON
Related for 4D7388FD1B0BA03091504ED2BB538F1830FC63DB48227823340B637944B531B3
suse7nessus37openvas47ubuntu4archlinux1kaspersky2redhat3veracode13freebsd2centos3mageia3oraclelinux3debian1securityvulns1mozilla11ibm2ubuntucve9nvd12cve12prion7cvelist10zdt2zdi1cisa_kev1attackerkb1canvas1exploitpack1debiancve1checkpoint_advisories1