CVE-2015-0817
First published: Tue Mar 24 2015(Updated: )
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=36.0.1 | |
| Firefox | =31.0 | |
| Firefox | =31.1.0 | |
| Firefox | =31.1.1 | |
| Firefox | =31.3.0 | |
| Firefox | =31.5.1 | |
| Firefox ESR | =31.1 | |
| Firefox ESR | =31.2 | |
| Firefox ESR | =31.3 | |
| Firefox ESR | =31.4 | |
| Firefox ESR | =31.5 | |
| Mozilla SeaMonkey | <=2.33.0 | |
| Firefox ESR | =31.0 | |
| Firefox ESR | =31.1.0 | |
| Firefox ESR | =31.1.1 | |
| Firefox ESR | =31.3.0 | |
| Firefox ESR | =31.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
- http://rhn.redhat.com/errata/RHSA-2015-0718.html
- http://www.debian.org/security/2015/dsa-3201
- http://www.mozilla.org/security/announce/2015/mfsa2015-29.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/73263
- http://www.securitytracker.com/id/1031958
- http://www.ubuntu.com/usn/USN-2538-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1145255
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2015-0817?
CVE-2015-0817 has a medium severity rating as it can lead to unauthorized memory access.
How do I fix CVE-2015-0817?
To mitigate CVE-2015-0817, users should update to the latest versions of Mozilla Firefox, Firefox ESR, or SeaMonkey.
Which versions are affected by CVE-2015-0817?
CVE-2015-0817 affects Mozilla Firefox versions prior to 36.0.3, Firefox ESR versions before 31.5.2, and SeaMonkey versions before 2.33.1.
Can CVE-2015-0817 be exploited remotely?
Yes, CVE-2015-0817 can be exploited by remote attackers to read or write memory without proper bounds checking.
Is CVE-2015-0817 fixed in newer versions?
Yes, CVE-2015-0817 has been addressed and patched in versions of Mozilla Firefox, Firefox ESR, and SeaMonkey released after the specified versions.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/36.0.1
- version/firefox/31.0
- version/firefox/31.1.0
- version/firefox/31.1.1
- version/firefox/31.3.0
- version/firefox/31.5.1
- canonical/firefox esr
- version/firefox esr/31.1
- version/firefox esr/31.2
- version/firefox esr/31.3
- version/firefox esr/31.4
- version/firefox esr/31.5
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.33.0
- version/firefox esr/31.0
- version/firefox esr/31.1.0
- version/firefox esr/31.1.1
- version/firefox esr/31.3.0
- version/firefox esr/31.5.1