The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
22 Oct 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:* |
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:* |
21 Oct 2024, 13:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:* |
Information
Published : 2015-07-06 02:01
Updated : 2024-10-22 13:54
NVD link : CVE-2015-2729
Mitre link : CVE-2015-2729
CVE.ORG link : CVE-2015-2729
JSON object : View
Products Affected
mozilla
- firefox
- thunderbird
- firefox_esr
oracle
- solaris
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer