Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7179


The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.


Published

2015-09-24T04:59:26.927

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mozilla firefox ≤ 40.0.3 Yes
Operating System microsoft windows * No
Application mozilla firefox 38.0 Yes
Application mozilla firefox 38.0.1 Yes
Application mozilla firefox 38.0.5 Yes
Application mozilla firefox 38.1.0 Yes
Application mozilla firefox 38.1.1 Yes
Application mozilla firefox 38.2.0 Yes
Application mozilla firefox 38.2.1 Yes
Operating System microsoft windows * No

References