Published: 16/08/2015 Updated: 30/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

mar_read.c in the Updater in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 13.1
opensuse opensuse 13.2
mozilla firefox esr 38.0.5
mozilla firefox esr 38.0.1
mozilla firefox esr 38.1.0
mozilla firefox esr 38.0
mozilla firefox
oracle solaris 11.3

Mozilla Foundation Security Advisory 2015-85 Out-of-bounds write with Updater and malicious MAR file Announced August 11, 2015 Reporter Holger Fuhrmannek Impact High Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thund ...

CWE-119 http://www.mozilla.org/security/announce/2015/mfsa2015-85.html https://bugzilla.mozilla.org/show_bug.cgi?id=1184500 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76294 https://security.gentoo.org/glsa/201605-06 http://www.securitytracker.com/id/1033372 http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://www.securitytracker.com/id/1033247 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2015-85/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4482

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect