CVE-2015-4503
N/A
N/A
Summary
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-97.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/76815
- http://www.securitytracker.com/id/1033640
- https://bugzilla.mozilla.org/show_bug.cgi?id=994337
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
References
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-97.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/76815
- http://www.securitytracker.com/id/1033640
- https://bugzilla.mozilla.org/show_bug.cgi?id=994337
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.