Vulnerability Details: CVE-2015-7202
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Products affected by CVE-2015-7202
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7202
- 3.79%: Probability of exploitation activity in the next 30 days
- ~92%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7202
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2015-7202
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7202
- https://bugzilla.mozilla.org/show_bug.cgi?id=1219330
  1219330 - crash in mozilla::layers::TextureClient::CreateForYCbCr with a 0xffffffffe5e5e609 address
- https://bugzilla.mozilla.org/show_bug.cgi?id=1193757
  1193757 - Crash [@ graphite2::vm::Machine::Code::decoder::emit_opcode]
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
  openSUSE-SU-2016:0307-1: moderate: Security update for seamonkey
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
  [SECURITY] Fedora 22 Update: firefox-43.0-1.fc22
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
  openSUSE-SU-2016:0308-1: moderate: Security update for Seamonkey
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
  [security-announce] SUSE-SU-2015:2334-1: important: Security update for
- https://bugzilla.mozilla.org/show_bug.cgi?id=1221904
  1221904 - "ASSERTION: Invalid offset" with bidi text change
- https://security.gentoo.org/glsa/201512-10
  Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
  [security-announce] SUSE-SU-2015:2335-1: important: Security update for
- https://bugzilla.mozilla.org/show_bug.cgi?id=1207571
  1207571 - Crash [@ js::DispatchValueTyped] or Crash [@ js::gc::TenuredCell::zone] with asm.js
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
  [security-announce] SUSE-SU-2015:2336-1: important: Security update for
- https://bugzilla.mozilla.org/show_bug.cgi?id=1193999
  1193999 - Crash [@ graphite2::TtfUtil::CheckTable]
- http://www.mozilla.org/security/announce/2015/mfsa2015-134.html
  Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1194006
  1194006 - Crash [@ unsigned long be::_peek]
- http://www.securitytracker.com/id/1034426
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Same-Origin Policy, and Cause Denial of Service Conditions - SecurityTracker
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
  openSUSE-SU-2015:2353-1: moderate: Security update for MozillaFirefox
- https://bugzilla.mozilla.org/show_bug.cgi?id=1221421
  1221421 - "Assertion failure: this->is<T>()" in array_length_getter after changing __proto__ on DOM style object
- https://bugzilla.mozilla.org/show_bug.cgi?id=1208059
  1208059 - crash in mozilla::plugins::PluginAsyncSurrogate::Cast on 42 beta, often with 0xffffffffe5e5e5e5 address
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
  [SECURITY] Fedora 23 Update: firefox-43.0-1.fc23
- http://www.ubuntu.com/usn/USN-2833-1
  USN-2833-1: Firefox vulnerabilities | Ubuntu security notices
- https://bugzilla.mozilla.org/show_bug.cgi?id=1188105
  1188105 - Possible buffer overwrite in SplitDriverVersion
- https://bugzilla.mozilla.org/show_bug.cgi?id=1197012
  1197012 - crash in nsAString_internal::Assign(nsAString_internal const&, mozilla::fallible_t const&) | nsAString_internal::Assign(nsAString_internal const&) | mozilla::ErrorResult::ThrowErrorWithMessa
- http://www.securityfocus.com/bid/79279
  Mozilla Firefox Multiple Security Vulnerabilities
- https://bugzilla.mozilla.org/show_bug.cgi?id=1212305
  1212305 - Assertion failure: calleeScript->hasBaselineScript(), at js/src/jit/Ion.cpp:619
- https://bugzilla.mozilla.org/show_bug.cgi?id=1200580
  1200580 - Crash in mozilla::DisplayItemClip::IntersectWith
- https://bugzilla.mozilla.org/show_bug.cgi?id=1194002
  1194002 - Crash [@ graphite2::TtfUtil::HorMetrics]