5.1

CVE-2015-0813

EPSS 2.84%
Published 01.04.2015 10:59:12
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 36.0.4

Linux ≫ Linux Kernel

Mozilla ≫ Firefox ESR Version <= 31.5.3

Linux ≫ Linux Kernel

Mozilla ≫ Thunderbird Version <= 31.5

Linux ≫ Linux Kernel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.84%	0.857

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

https://security.gentoo.org/glsa/201512-10

http://www.securitytracker.com/id/1031996

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

http://rhn.redhat.com/errata/RHSA-2015-0766.html

http://rhn.redhat.com/errata/RHSA-2015-0771.html

http://www.debian.org/security/2015/dsa-3211

http://www.debian.org/security/2015/dsa-3212

http://www.securitytracker.com/id/1032000

http://www.ubuntu.com/usn/USN-2550-1

http://www.ubuntu.com/usn/USN-2552-1

http://www.mozilla.org/security/announce/2015/mfsa2015-31.html

Vendor Advisory

http://www.securityfocus.com/bid/73463

https://bugzilla.mozilla.org/show_bug.cgi?id=1106596

https://nvd.nist.gov/vuln/detail/CVE-2015-0813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0813

EUVD