QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4503

Published: Sep 24, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2015:1681

vendor-advisory

x_refsource_SUSE

http://www.mozilla.org/security/announce/2015/mfsa2015-97.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

https://bugzilla.mozilla.org/show_bug.cgi?id=994337

x_refsource_CONFIRM

openSUSE-SU-2015:1658

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.