First published: Wed Apr 01 2015(Updated: )
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
openSUSE | =13.1 | |
openSUSE | =13.2 | |
Mozilla Firefox | <=36.0.4 | |
Ubuntu Linux | =12.04 | |
Ubuntu Linux | =14.04 | |
Ubuntu Linux | =14.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-0805 has a high severity rating due to its potential for remote code execution.
To fix CVE-2015-0805, update Mozilla Firefox to version 37.0 or later.
CVE-2015-0805 affects Mozilla Firefox versions up to and including 36.0.4 and specific versions of openSUSE and Ubuntu Linux.
Yes, CVE-2015-0805 can lead to denial of service due to its flawed memory handling.
CVE-2015-0805 can be exploited through crafted web content that interacts with the vulnerable BufferTextureClient implementation.