CVE-2015-0823
CVE-2015-0823 is a vulnerability of currently unknown severity. Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function. EPSS estimates a 3.89% chance of exploitation in the next 30 days.
Description
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 14.10 |
| Opentype Sanitiser Project | Opentype Sanitiser | All versions |
| Mozilla | Firefox | <= 35.0.1 |
| Mozilla | Firefox | 0.1 |
| Mozilla | Firefox | 0.2 |
| Mozilla | Firefox | 0.3 |
| Mozilla | Firefox | 0.4 |
| Mozilla | Firefox | 0.5 |
| Mozilla | Firefox | 0.6 |
| Mozilla | Firefox | 0.6.1 |
| Mozilla | Firefox | 0.7 |
| Mozilla | Firefox | 0.7.1 |
| Mozilla | Firefox | 0.8 |
| Mozilla | Firefox | 0.9 |
| Mozilla | Firefox | 0.9.1 |
| Mozilla | Firefox | 0.9.2 |
| Mozilla | Firefox | 0.9.3 |
| Mozilla | Firefox | 0.10 |
| Mozilla | Firefox | 0.10.1 |
| Mozilla | Firefox | 1.0 |
| Mozilla | Firefox | 1.0.1 |
| Mozilla | Firefox | 1.0.2 |
| Mozilla | Firefox | 1.0.3 |
| Mozilla | Firefox | 1.0.4 |
| Mozilla | Firefox | 1.0.5 |
| Mozilla | Firefox | 1.0.6 |
| Mozilla | Firefox | 1.0.7 |
| Mozilla | Firefox | 1.0.8 |
| Mozilla | Firefox | 1.4.1 |
| Mozilla | Firefox | 1.5 |
| Mozilla | Firefox | 1.5.0.1 |
| Mozilla | Firefox | 1.5.0.2 |
| Mozilla | Firefox | 1.5.0.3 |
| Mozilla | Firefox | 1.5.0.4 |
| Mozilla | Firefox | 1.5.0.5 |
| Mozilla | Firefox | 1.5.0.6 |
| Mozilla | Firefox | 1.5.0.7 |
| Mozilla | Firefox | 1.5.0.8 |
| Mozilla | Firefox | 1.5.0.9 |
| Mozilla | Firefox | 1.5.0.10 |
| Mozilla | Firefox | 1.5.0.11 |
| Mozilla | Firefox | 1.5.0.12 |
| Mozilla | Firefox | 1.5.1 |
| Mozilla | Firefox | 1.5.2 |
| Mozilla | Firefox | 1.5.3 |
| Mozilla | Firefox | 1.5.4 |
| Mozilla | Firefox | 1.5.5 |
| Mozilla | Firefox | 1.5.6 |
Showing 50 of 221 affected configurations. See NVD for the full list.
References
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html (Third Party Advisory)
- http://www.securityfocus.com/bid/72754 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1031791 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-2505-1 (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1098497 (Issue Tracking)
- https://github.com/khaledhosny/ots/commit/003c62d28ae438aa8943cb31535563397f838a2c (Issue Tracking, Patch)
Timeline
- Status: Modified
Source: NVD / NIST
