5
CVE-2015-4503
- EPSS 1.56%
- Veröffentlicht 24.09.2015 04:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- CVE-Watchlists
- Unerledigt
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.56% | 0.72 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
http://www.securityfocus.com/bid/76815
http://www.securitytracker.com/id/1033640
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://www.mozilla.org/security/announce/2015/mfsa2015-97.html
https://bugzilla.mozilla.org/show_bug.cgi?id=994337