What is CVE-2015-7181?

CVE-2015-7181 is a vulnerability in Mozilla Firefox, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-11-05.

Is CVE-2015-7181 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Mozilla Firefox

CVE-2015-7181

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an un…

Vulnerability class: Buffer Overflow

EPSS: 0.050 (89.9th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 38.0, 38.0.1, 38.0.5
Mozilla Network_security_services — versions 3.20.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

security@mozilla.org (x_refsource_CONFIRM)
1034069 (vdb-entry, x_refsource_SECTRACK)
security@mozilla.org (x_refsource_CONFIRM)
DSA-3688 (vendor-advisory, x_refsource_DEBIAN)
DSA-3410 (vendor-advisory, x_refsource_DEBIAN)
SUSE-SU-2015:2081 (vendor-advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM)
GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
security@mozilla.org (x_refsource_CONFIRM)
SUSE-SU-2015:1981 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2015-7181?: CVE-2015-7181 is a vulnerability in Mozilla Firefox, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-11-05.
Is CVE-2015-7181 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.