Mozilla Firefox Multiple Integer Overflow Vulnerability (CVE-2015-4496)

Mozilla Firefox Multiple Integer Overflow Vulnerability (CVE-2015-4496)
Mozilla Firefox Multiple Integer Overflow Vulnerability (CVE-2015-4496)

Release date:
Updated on:

Affected Systems:

Mozilla Firefox < 38

Description:

Bugtraq id: 76333
CVE (CAN) ID: CVE-2015-4496

Mozilla Firefox is an open-source web browser that uses the Gecko engine.

When versions earlier than Mozilla Firefox 38 process sample metadata in MPEG4 video files, libstagefright inventory overflows in integer. Attackers can exploit these vulnerabilities to crash affected applications and cause DOS.

<* Source: Joshua Drake

Link: https://www.mozilla.org/en-US/security/advisories/mfsa2015-93/
*>

Suggestion:

Vendor patch:

Mozilla
-------
Mozilla has released a Security Bulletin (mfsa2015-93) and patches for this:
Mfsa2015-93: Integer overflows in libstagefright while processing MP4 video metadata
Link: https://www.mozilla.org/en-US/security/advisories/mfsa2015-93/

Manually install Firefox Flash plug-in Ubuntu 14.04

Replacement of Firefox in Ubuntu

Use apt-get to install FireFox and ThunderBird In Debian Linux

Stable Firefox 29 version released-how to install

Mozilla Firefox 31.0 official release and download

Firefox details: click here
Firefox: click here

This article permanently updates the link address: