| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.7 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in Mozilla Firefox 35. This vulnerability affects unknown code of the component MP4 Video File Handler. Executing a manipulation can lead to memory corruption. This vulnerability is handled as CVE-2015-0829. There is not any exploit available. The affected component should be upgraded.
Details
A vulnerability was found in Mozilla Firefox 35 (Web Browser). It has been declared as critical. This vulnerability affects an unknown part of the component MP4 Video File Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.
The weakness was released 02/24/2015 by Pantrombka as MFSA 2015-17 as confirmed security advisory (Website). The advisory is available at mozilla.org. This vulnerability was named CVE-2015-0829 since 01/07/2015. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 03/10/2022).
The vulnerability scanner Nessus provides a plugin with the ID 81588 (FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 167676 (OpenSuSE Security Update for seamonkey (openSUSE-SU-2015:0570-1)).
Upgrading to version 36 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (101098), Tenable (81588), SecurityFocus (BID 72741†), SecurityTracker (ID 1031791†) and Vulnerability Center (SBV-48769†). Entries connected to this vulnerability are available at VDB-69212, VDB-69213, VDB-69214 and VDB-69215. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.mozilla.org/
- Product: https://www.mozilla.org/en-US/firefox/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 8.7
VulDB Base Score: 10.0
VulDB Temp Score: 8.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 81588
Nessus Name: FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 803420
OpenVAS Name: Mozilla Firefox Multiple Vulnerabilities-01 Mar15 (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Firefox 36
Timeline
01/07/2015 🔍02/24/2015 🔍
02/24/2015 🔍
02/24/2015 🔍
02/24/2015 🔍
02/24/2015 🔍
02/25/2015 🔍
02/25/2015 🔍
02/26/2015 🔍
03/10/2022 🔍
Sources
Vendor: mozilla.orgProduct: mozilla.org
Advisory: MFSA 2015-17
Researcher: Pantrombka
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-0829 (🔍)
GCVE (CVE): GCVE-0-2015-0829
GCVE (VulDB): GCVE-100-69226
X-Force: 101098 - Mozilla Firefox MP4 video file buffer overflow
SecurityFocus: 72741
SecurityTracker: 1031791 - Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges
Vulnerability Center: 48769 - Mozilla Firefox <36.0 Remote Code Execution via Crafted MP4 Video, Medium
See also: 🔍
Entry
Created: 02/26/2015 12:26Updated: 03/10/2022 20:05
Changes: 02/26/2015 12:26 (76), 06/21/2017 10:44 (6), 03/10/2022 20:05 (2)
Complete: 🔍
Cache ID: 216:719:103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.