Vulnerability Details : CVE-2015-0813
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2015-0813
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2015-0813
4.50%: probability of exploitation activity in the next 30 days
~ 92%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0813
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
References for CVE-2015-0813
- http://www.securitytracker.com/id/1031996
  Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker
- https://security.gentoo.org/glsa/201512-10
  Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- https://bugzilla.mozilla.org/show_bug.cgi?id=1106596
  1106596 - (CVE-2015-0813) heap-use-after-free at AppendElements
- http://www.mozilla.org/security/announce/2015/mfsa2015-31.html
  Use-after-free when using the Fluendo MP3 GStreamer plugin — Mozilla (Vendor Advisory)
- http://www.securityfocus.com/bid/73463
  Mozilla Firefox/Thunderbird CVE-2015-0813 Use After Free Memory Corruption Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
  [security-announce] openSUSE-SU-2015:0892-1: important: Update to Firefo
- http://www.ubuntu.com/usn/USN-2552-1
  USN-2552-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
  [security-announce] SUSE-SU-2015:0704-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
  [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
- http://rhn.redhat.com/errata/RHSA-2015-0771.html
  RHSA-2015:0771 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-0766.html
  RHSA-2015:0766 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2015/dsa-3212
  Debian -- Security Information -- DSA-3212-1 icedove
- http://www.debian.org/security/2015/dsa-3211
  Debian -- Security Information -- DSA-3211-1 iceweasel
- http://www.securitytracker.com/id/1032000
  Mozilla Thunderbird Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Request Forgery Attacks - SecurityTracker
- http://www.ubuntu.com/usn/USN-2550-1
  USN-2550-1: Firefox vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
  [security-announce] openSUSE-SU-2015:0677-1: important: Security update