Lucene search
Mozilla FoundationMFSA2015-89HistoryAug 11, 2015 - 12:00 a.m.
Buffer overflows on Libvpx when decoding WebM video — Mozilla
2015-08-1100:00:00
Mozilla Foundation
www.mozilla.org
33
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.018
Percentile
88.3%
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes.
Affected configurations
Node
mozillafirefoxRange<40
ORmozillafirefox_esrRange<38.2
ORmozillafirefox_osRange<2.5
ORmozillaseamonkeyRange<2.35
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | firefox_os | * | cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
Related
nessus
nessus
FreeBSD : libvpx -- multiple buffer overflows (34e60332-2448-4ed6-93f0-12713749f250)
2015-08-12 00:00:00
RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)
2015-08-12 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-89) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2702-2)
2015-08-12 00:00:00
Ubuntu: Security Advisory (USN-2702-3)
2015-08-21 00:00:00
freebsd
freebsd
libvpx -- multiple buffer overflows
2015-08-11 00:00:00
prion
prion
Out-of-bounds
2015-08-16 01:59:00
Heap overflow
2015-08-16 01:59:00
ubuntucve
ubuntucve
CVE-2015-4486
2015-08-11 00:00:00
CVE-2015-4485
2015-08-11 00:00:00
debiancve
debiancve
CVE-2015-4485
2015-08-16 01:59:13
CVE-2015-4486
2015-08-16 01:59:14
nvd
nvd
CVE-2015-4486
2015-08-16 01:59:14
CVE-2015-4485
2015-08-16 01:59:13
cve
cve
CVE-2015-4486
2015-08-16 01:59:14
CVE-2015-4485
2015-08-16 01:59:13
cvelist
cvelist
CVE-2015-4486
2015-08-16 01:00:00
CVE-2015-4485
2015-08-16 01:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:41:48
Information Disclosure
2019-05-02 05:41:47
Arbitrary Code Execution
2019-05-02 05:42:03
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-10 17:10:07
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-02 12:10:07
Security update for MozillaFirefox (important)
2015-08-14 19:10:03
centos
centos
firefox security update
2015-08-11 20:36:44
oraclelinux
oraclelinux
firefox security update
2015-08-11 00:00:00
mageia
mageia
Updated firefox packages fixes security vulnerabilities
2015-08-11 23:22:53
redhat
redhat
(RHSA-2015:1586) Critical: firefox security update
2015-08-11 00:00:00
ubuntu
ubuntu
Firefox regression
2015-08-20 00:00:00
Ubufox update
2015-08-11 00:00:00
Firefox vulnerabilities
2015-08-11 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-08-12 00:00:00
kaspersky
kaspersky
KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-08-11 00:00:00
ibm
ibm
securityvulns
securityvulns
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.018
Percentile
88.3%
Related for MFSA2015-89