Vulnerability-Lookup

CVE-2015-4504 (GCVE-0-2015-4504)

Vulnerability from cvelistv5 – Published: 2015-09-24 01:00 – Updated: 2024-08-06 06:18

Summary

The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://www.mozilla.org/security/announce/2015/mfs…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1132467	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2743-4	vendor-advisoryx_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2743-3	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/76815	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-2743-2	vendor-advisoryx_refsource_UBUNTU
	http://www.securitytracker.com/id/1033640	vdb-entryx_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2743-1	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
          },
          {
            "name": "openSUSE-SU-2015:1681",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
          },
          {
            "name": "USN-2743-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2743-4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "USN-2743-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2743-3"
          },
          {
            "name": "76815",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76815"
          },
          {
            "name": "USN-2743-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2743-2"
          },
          {
            "name": "1033640",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033640"
          },
          {
            "name": "openSUSE-SU-2015:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
          },
          {
            "name": "USN-2743-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2743-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
        },
        {
          "name": "openSUSE-SU-2015:1681",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
        },
        {
          "name": "USN-2743-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2743-4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "USN-2743-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2743-3"
        },
        {
          "name": "76815",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76815"
        },
        {
          "name": "USN-2743-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2743-2"
        },
        {
          "name": "1033640",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033640"
        },
        {
          "name": "openSUSE-SU-2015:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
        },
        {
          "name": "USN-2743-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2743-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-4504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
            },
            {
              "name": "openSUSE-SU-2015:1681",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
            },
            {
              "name": "USN-2743-4",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2743-4"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "USN-2743-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2743-3"
            },
            {
              "name": "76815",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76815"
            },
            {
              "name": "USN-2743-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2743-2"
            },
            {
              "name": "1033640",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033640"
            },
            {
              "name": "openSUSE-SU-2015:1658",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
            },
            {
              "name": "USN-2743-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2743-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-4504",
    "datePublished": "2015-09-24T01:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:11.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4504

Vulnerability from fstec - Published: 24.09.2015

Title

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании

Description

Уязвимость функции lut_inverse_interp16 библиотеки QCMS браузера Firefox вызвана переполнением буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить доступ к защищаемой информации или вызвать отказ в обслуживании с помощью специально сформированного изображения

Severity ?

Vendor

Mozilla Corp.

Software Name

Firefox

Software Version

до 41 (Firefox)

Possible Mitigations

Обновление программного обеспечения до версии 41.0 или более новой

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1132467 http://www.mozilla.org/security/announce/2015/mfsa2015-98.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 41 (Firefox)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 41.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.10.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-11512",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-4504",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firefox",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit, Google Inc Android . 64-bit, Google Inc Android . 32-bit, Google Inc Android . ARM, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . ARM, Microsoft Corp Windows - ARM, Computer Science Research Group FreeBSD . 32-bit, Apple Inc. MacOS X ARM",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 lut_inverse_interp16 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 QCMS \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-98.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)"
}

GHSA-622X-CJX7-8HVQ

Vulnerability from github – Published: 2022-05-17 03:20 – Updated: 2022-05-17 03:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-24T04:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.",
  "id": "GHSA-622x-cjx7-8hvq",
  "modified": "2022-05-17T03:20:02Z",
  "published": "2022-05-17T03:20:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4504"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76815"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033640"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2743-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2743-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2743-3"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2743-4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-06301

Vulnerability from cnvd - Published: 2015-10-09

Title

Mozilla Firefox QCMS库缓冲区溢出漏洞

Description

Mozilla Firefox是一款开源Web浏览器。 Mozilla Firefox QCMS库中的‘lut_inverse_interp16’函数存在安全漏洞。远程攻击者可利用图像的ICC 4配置文件中特制的属性获取敏感信息，或进行拒绝服务攻击。

Severity

中

Patch Name

Mozilla Firefox QCMS库缓冲区溢出漏洞的补丁

Patch Description

Mozilla Firefox是一款开源Web浏览器。 Mozilla Firefox QCMS库中的‘lut_inverse_interp16’函数存在安全漏洞。远程攻击者可利用图像的ICC 4配置文件中特制的属性获取敏感信息，或进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.mozilla.org/security/announce/2015/mfsa2015-98.html

Reference

http://www.mozilla.org/security/announce/2015/mfsa2015-98.html

Impacted products

Name
Mozilla Firefox <40.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4504"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox QCMS\u5e93\u4e2d\u7684\u2018lut_inverse_interp16\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u56fe\u50cf\u7684ICC 4\u914d\u7f6e\u6587\u4ef6\u4e2d\u7279\u5236\u7684\u5c5e\u6027\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6216\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Mozilla",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-98.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06301",
  "openTime": "2015-10-09",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox QCMS\u5e93\u4e2d\u7684\u2018lut_inverse_interp16\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u56fe\u50cf\u7684ICC 4\u914d\u7f6e\u6587\u4ef6\u4e2d\u7279\u5236\u7684\u5c5e\u6027\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6216\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox QCMS\u5e93\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox \u003c40.0.3"
  },
  "referenceLink": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-09-27",
  "title": "Mozilla Firefox QCMS\u5e93\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CERTFR-2015-AVI-405

Vulnerability from certfr_avis - Published: 2015-09-23 - Updated: 2015-09-23

De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 38.3
	Mozilla	Firefox	Firefox versions antérieures à 41

References

Title

Publication Time

GSD-2015-4504

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4504

Aliases

CVE-2015-4504

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4504",
    "description": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.",
    "id": "GSD-2015-4504",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-4504.html",
      "https://ubuntu.com/security/CVE-2015-4504",
      "https://advisories.mageia.org/CVE-2015-4504.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4504"
      ],
      "details": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.",
      "id": "GSD-2015-4504",
      "modified": "2023-12-13T01:19:59.878380Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2015-4504",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
          },
          {
            "name": "openSUSE-SU-2015:1681",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
          },
          {
            "name": "USN-2743-4",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2743-4"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "USN-2743-3",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2743-3"
          },
          {
            "name": "76815",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76815"
          },
          {
            "name": "USN-2743-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2743-2"
          },
          {
            "name": "1033640",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033640"
          },
          {
            "name": "openSUSE-SU-2015:1658",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
          },
          {
            "name": "USN-2743-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2743-1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "40.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-4504"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "76815",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76815"
            },
            {
              "name": "openSUSE-SU-2015:1681",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
            },
            {
              "name": "openSUSE-SU-2015:1658",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
            },
            {
              "name": "USN-2743-4",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2743-4"
            },
            {
              "name": "USN-2743-3",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2743-3"
            },
            {
              "name": "USN-2743-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2743-2"
            },
            {
              "name": "USN-2743-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2743-1"
            },
            {
              "name": "1033640",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033640"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-22T02:59Z",
      "publishedDate": "2015-09-24T04:59Z"
    }
  }
}

FKIE_CVE-2015-4504

Vulnerability from fkie_nvd - Published: 2015-09-24 04:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
security@mozilla.org	http://www.mozilla.org/security/announce/2015/mfsa2015-98.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
security@mozilla.org	http://www.securityfocus.com/bid/76815
security@mozilla.org	http://www.securitytracker.com/id/1033640
security@mozilla.org	http://www.ubuntu.com/usn/USN-2743-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2743-2
security@mozilla.org	http://www.ubuntu.com/usn/USN-2743-3
security@mozilla.org	http://www.ubuntu.com/usn/USN-2743-4
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1132467	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2015/mfsa2015-98.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76815
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033640
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2743-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2743-2
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2743-3
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2743-4
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1132467	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mozilla	firefox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE7B0EF-4A3A-4353-8B50-6F28B5CADBDB",
              "versionEndIncluding": "40.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la funci\u00f3n lut_inverse_interp16 en la librer\u00eda QCMS en Mozilla Firefox en versiones anteriores a 41.0, permite a atacantes remotos obtener informaci\u00f3n sensible o provocar una denegaci\u00f3n de servicio (sobrelectura del buffer y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de atributos manipuados en el perfil ICC 4 de una imagen."
    }
  ],
  "id": "CVE-2015-4504",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-24T04:59:07.287",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/76815"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1033640"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2743-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2743-2"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2743-3"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2743-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2743-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2743-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2743-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2743-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4504 (GCVE-0-2015-4504)

CVE-2015-4504

GHSA-622X-CJX7-8HVQ

CNVD-2015-06301

CERTFR-2015-AVI-405

Solution

GSD-2015-4504

FKIE_CVE-2015-4504

Tags

Sightings

Nomenclature