Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2015-4479 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2015-4479

CVE-2015-4479

UNKNOWN

Multiple integer overflows in libstagefright in Mozilla Firefox before 40

Published Aug 16, 2015

Modified 1 years ago

Details

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

References

ADVISORY

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

ADVISORY

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

ADVISORY

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

ADVISORY

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

ADVISORY

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

ADVISORY

http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

ADVISORY

http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

ADVISORY

http://rhn.redhat.com/errata/RHSA-2015-1586.html

ADVISORY

http://www.debian.org/security/2015/dsa-3333

WEB

http://www.mozilla.org/security/announce/2015/mfsa2015-83.html

WEB

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

WEB

http://www.securitytracker.com/id/1033247

ADVISORY

http://www.ubuntu.com/usn/USN-2702-1

ADVISORY

http://www.ubuntu.com/usn/USN-2702-2

ADVISORY

http://www.ubuntu.com/usn/USN-2702-3

WEB

http://www.zerodayinitiative.com/advisories/ZDI-15-456

WEB

https://bugzilla.mozilla.org/show_bug.cgi?id=1170344

WEB

https://bugzilla.mozilla.org/show_bug.cgi?id=1185115

ADVISORY

https://security.gentoo.org/glsa/201605-06

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2015-4479

CVSS Analysis

CVSS v2.0

10.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

10/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedAug 16, 2015

ModifiedAug 6, 2024