CVE-2015-4479

2015-08-16 03:59:06 2018-10-30 17:27:35

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Canonical Ubuntu Linux 15.04 Canonical Ubuntu Linux 14.04 LTS (Long-Term Support) Canonical Ubuntu Linux 12.04 LTS Opensuse Opensuse 13.1 (not an official CPE) Opensuse Opensuse 13.2 (not an official CPE)

Mozilla Firefox esr 38.1.0 (not an official CPE) Mozilla Firefox esr 38.0.5 (not an official CPE) Mozilla Firefox esr 38.0.1 (not an official CPE) Mozilla Firefox esr 38.0 (not an official CPE) Mozilla Firefox 39.0.3 (not an official CPE)

Canonical - Ubuntu linux Mozilla - Firefox esr Mozilla - Firefox Opensuse - Opensuse

Advisory	Patch	Confirmed	Link
			http://www.zerodayinitiative.com/advisories/ZDI-15-456
			USN-2702-3
			USN-2702-1
			USN-2702-2
			1033247
			http://www.oracle.com/technetwork/topics/security/bullet...
			http://www.mozilla.org/security/announce/2015/mfsa2015-8...
			DSA-3333
			RHSA-2015:1586
			openSUSE-SU-2015:1454
			openSUSE-SU-2015:1453
			SUSE-SU-2015:2081
			SUSE-SU-2015:1528
			SUSE-SU-2015:1449
			openSUSE-SU-2015:1390
			openSUSE-SU-2015:1389
			https://bugzilla.mozilla.org/show_bug.cgi?id=1170344
			https://bugzilla.mozilla.org/show_bug.cgi?id=1185115
			GLSA-201605-06

Numeric Errors (ID 189)