Mozilla Firefox JS boundary check eliminate Code Execution Vulnerability (CVE-2015-0817)
Mozilla Firefox JS boundary check eliminate Code Execution Vulnerability (CVE-2015-0817)
Release date:
Updated on:
Affected Systems:
Mozilla Firefox
Mozilla SeaMonkey < 2.33.1
Mozilla Firefox ESR < 31.5.2
Unaffected system:
Mozilla Firefox < 36.0.3
Description:
CVE (CAN) ID: CVE-2015-0817
Mozilla Firefox is an open-source web browser that uses the Gecko engine. Thunderbird is a mail client tool that supports IMAP and POP3.
Versions earlier than Mozilla Firefox 36.0.3, earlier than Firefox ESR 31.5.2, and earlier than SeaMonkey 2.33.1, asm. in js implementation, the necessity of boundary check during JIT compilation and heap access is not correctly determined. This allows remote attackers to read and write unplanned memory locations by constructing JS and then execute arbitrary code.
<* Source: ilxu1a
*>
Suggestion:
Vendor patch:
Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://bugzilla.mozilla.org/show_bug.cgi? Id = 1145255
Http://cve.mitre.org/cgi-bin/cvename.cgi? Name = CVE-2015-0817
Https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
Manually install Firefox Flash plug-in Ubuntu 14.04
Replacement of Firefox in Ubuntu
Use apt-get to install FireFox and ThunderBird In Debian Linux
Stable Firefox 29 version released-how to install
Mozilla Firefox 31.0 official release and download
Firefox details: click here
Firefox: click here
This article permanently updates the link address: