Buffer overflow in Mozilla Firefox
CVE-2015-7183
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38…
Vulnerability class: Buffer Overflow
EPSS: 0.047 (89.6th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 38.0, 38.0.1, 38.0.5
- Mozilla Network_security_services — versions 3.20.0
- N/a — versions n/a
Weakness classification (CWE)
References
- security@mozilla.org (x_refsource_CONFIRM)
- 1034069 (vdb-entry, x_refsource_SECTRACK)
- security@mozilla.org (x_refsource_CONFIRM)
- SUSE-SU-2015:2081 (vendor-advisory, x_refsource_SUSE)
- GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
- security@mozilla.org (x_refsource_CONFIRM)
- SUSE-SU-2015:1981 (vendor-advisory, x_refsource_SUSE)
- security@mozilla.org (x_refsource_CONFIRM)
- DSA-3406 (vendor-advisory, x_refsource_DEBIAN)
- security@mozilla.org (x_refsource_CONFIRM)