CVE-2015-0813
Description
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.842
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for SeaMonkey (2.35) | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox 36.0.4 | Windows |
| (RHSA-2015:0766)Critical: security update firefox-31.6.0-2.el7_1.i686.rpm | Linux |
| (RHSA-2015:0766)Critical: security update firefox-31.6.0-2.el7_1.x86_64.rpm | Linux |
| (RHSA-2015:0766)Critical: security update firefox-debuginfo-31.6.0-2.el7_1.i686.rpm | Linux |
| (RHSA-2015:0766)Critical: security update firefox-debuginfo-31.6.0-2.el7_1.x86_64.rpm | Linux |
| (RHSA-2015:0766)Critical: security update xulrunner-debuginfo-31.6.0-2.el7_1.i686.rpm | Linux |
| (RHSA-2015:0766)Critical: security update xulrunner-debuginfo-31.6.0-2.el7_1.x86_64.rpm | Linux |
| Xulrunner update (ELSA-2015-0766) xulrunner-31.6.0-2.0.1.el7_1.i686.rpm | Linux |
| Xulrunner update (ELSA-2015-0766) xulrunner-31.6.0-2.0.1.el7_1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-301494 | Update for SeaMonkey (2.35) |
| PATCH-343015 | Mozilla Firefox (132.0.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234