CVE-2015-2729

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://www.mozilla.org/security/announce/2015/mfsa2015-62.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1122218	Issue Tracking
https://security.gentoo.org/glsa/201512-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://www.mozilla.org/security/announce/2015/mfsa2015-62.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1122218	Issue Tracking
https://security.gentoo.org/glsa/201512-10

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:31.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox:31.3.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.3:::::::*
	cpe:2.3:a:mozilla:firefox:38.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.6.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.7.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:27

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2015-1207.html -~~	() http://rhn.redhat.com/errata/RHSA-2015-1207.html -
References	~~() http://www.mozilla.org/security/announce/2015/mfsa2015-62.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2015/mfsa2015-62.html - Vendor Advisory
References	~~() http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory~~	() http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory
References	~~() http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html - Third Party Advisory~~	() http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/75541 -~~	() http://www.securityfocus.com/bid/75541 -
References	~~() http://www.securitytracker.com/id/1032783 -~~	() http://www.securitytracker.com/id/1032783 -
References	~~() http://www.ubuntu.com/usn/USN-2656-1 -~~	() http://www.ubuntu.com/usn/USN-2656-1 -
References	~~() http://www.ubuntu.com/usn/USN-2656-2 -~~	() http://www.ubuntu.com/usn/USN-2656-2 -
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1122218 - Issue Tracking~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1122218 - Issue Tracking
References	~~() https://security.gentoo.org/glsa/201512-10 -~~	() https://security.gentoo.org/glsa/201512-10 -

22 Oct 2024, 13:54

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*

22 Oct 2024, 13:42

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*	cpe:2.3:a:mozilla:firefox:38.0:::::::*

21 Oct 2024, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*	cpe:2.3:a:mozilla:firefox:31.1.0:::::::* cpe:2.3:a:mozilla:firefox:31.0:::::::*

21 Oct 2024, 13:11

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::* cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.3:::::::*	cpe:2.3:a:mozilla:firefox:31.5.3:::::::* cpe:2.3:a:mozilla:firefox:31.3.0:::::::* cpe:2.3:a:mozilla:firefox:31.5.2:::::::* cpe:2.3:a:mozilla:firefox:31.1.1:::::::*

Information

Published : 2015-07-06 02:01

Updated : 2025-04-12 10:46

NVD link : CVE-2015-2729

Mitre link : CVE-2015-2729

CVE.ORG link : CVE-2015-2729

JSON object : View

Products Affected

mozilla

thunderbird
firefox_esr
firefox

oracle

solaris

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.0 /10