Mozilla Firefox JS boundary check eliminate Code Execution Vulnerability (CVE-2015-0817)

Mozilla Firefox JS boundary check eliminate Code Execution Vulnerability (CVE-2015-0817)
Mozilla Firefox JS boundary check eliminate Code Execution Vulnerability (CVE-2015-0817)

Release date:
Updated on:

Affected Systems:

Mozilla Firefox 
Mozilla SeaMonkey < 2.33.1
Mozilla Firefox ESR < 31.5.2

Unaffected system:

Mozilla Firefox < 36.0.3

Description:

CVE (CAN) ID: CVE-2015-0817

Mozilla Firefox is an open-source web browser that uses the Gecko engine. Thunderbird is a mail client tool that supports IMAP and POP3.

Versions earlier than Mozilla Firefox 36.0.3, earlier than Firefox ESR 31.5.2, and earlier than SeaMonkey 2.33.1, asm. in js implementation, the necessity of boundary check during JIT compilation and heap access is not correctly determined. This allows remote attackers to read and write unplanned memory locations by constructing JS and then execute arbitrary code.

<* Source: ilxu1a
*>

Suggestion:

Vendor patch:

Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://bugzilla.mozilla.org/show_bug.cgi? Id = 1145255
Http://cve.mitre.org/cgi-bin/cvename.cgi? Name = CVE-2015-0817
Https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/

 

Manually install Firefox Flash plug-in Ubuntu 14.04

Replacement of Firefox in Ubuntu

Use apt-get to install FireFox and ThunderBird In Debian Linux

Stable Firefox 29 version released-how to install

Mozilla Firefox 31.0 official release and download

Firefox details: click here
Firefox: click here

This article permanently updates the link address: