Published: 01/04/2015 Updated: 03/01/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 456

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox prior to 37.0, Firefox ESR 31.x prior to 31.6, and Thunderbird prior to 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote malicious users to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird
mozilla firefox
mozilla firefox_esr

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service For the stable distribution (wheezy), these problems have ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery For the stable distribution (whe ...

Mozilla Foundation Security Advisory 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin Announced March 31, 2015 Reporter Aki Helin Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird F ...

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 370, Firefox ESR 31x before 316, and Thunderbird before 316 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file ...

NVD-CWE-Other http://www.mozilla.org/security/announce/2015/mfsa2015-31.html https://bugzilla.mozilla.org/show_bug.cgi?id=1106596 http://www.ubuntu.com/usn/USN-2552-1 http://rhn.redhat.com/errata/RHSA-2015-0771.html http://www.ubuntu.com/usn/USN-2550-1 http://www.securitytracker.com/id/1032000 http://www.debian.org/security/2015/dsa-3211 http://rhn.redhat.com/errata/RHSA-2015-0766.html http://www.securitytracker.com/id/1031996 http://www.debian.org/security/2015/dsa-3212 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.securityfocus.com/bid/73463 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html https://nvd.nist.gov https://usn.ubuntu.com/2550-1/https://access.redhat.com/security/cve/cve-2015-0813

CVE-2015-0813

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect