The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
22 Oct 2024, 13:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:* |
Information
Published : 2015-09-24 04:59
Updated : 2024-10-22 13:42
NVD link : CVE-2015-7179
Mitre link : CVE-2015-7179
CVE.ORG link : CVE-2015-7179
JSON object : View
Products Affected
microsoft
- windows
mozilla
- firefox
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer