CVE-2015-4503 Information

Description

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://www.mozilla.org/security/announce/2015/mfsa2015-97.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76815
http://www.securitytracker.com/id/1033640
https://bugzilla.mozilla.org/show_bug.cgi?id=994337
