CRITICAL✓ PATCH🇬🇧 English

CVE-2015-7182

CVSS 9.8v3.0pub. 2015-11-05upd. 2026-05-06

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    38.038.0.138.0.538.1.038.1.138.2.038.2.138.3.0≤ 41.0.2
  • Mozilla Network Security Services

    APP
    Mozilla
    3.20.0≤ 3.19.2.0
  • Oracle Glassfish Server

    APP
    Oracle
    2.1.1
  • Oracle Iplanet Web Proxy Server

    APP
    Oracle
    4.0
  • Oracle Iplanet Web Server

    APP
    Oracle
    7.0
  • Oracle Opensso

    APP
    Oracle
    3.0-0.7
  • Oracle Traffic Director

    APP
    Oracle
    11.1.1.7.011.1.1.9.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEDoSMemory
CWE
Referencje

Powiązane podatności

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...