Home

CVE-2015-7183

Description

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.021

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (42.0)Windows
Update for Mozilla Firefox ESR (38.4.0)Windows
Update for Google Chrome (46.0.2490.71)Windows
Update for Google Chrome x64 (46.0.2490.71)Windows
Update for Mozilla Thunderbird (38.4.0)Windows
Update for Google Chrome (51.0.2704.63)Windows
Update for Google Chrome x64 (51.0.2704.63)Windows
Vulnerabilities CVE-2015-7183 are affected in Oracle VM VirtualBox 7.5Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (42.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 38.4Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.1.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.1.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.0.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.0.5Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.0.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.0.5Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.2.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.2.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.1.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.2.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.1.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.2.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 41.0.2Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 38.4Mac
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.12.04.1_i386.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.12.04.1_amd64.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.14.04.1_i386.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.14.04.1_amd64.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.15.04.1_i386.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.15.04.1_amd64.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.15.10.1_i386.debLinux
NetScape Portable Runtime Library (USN-2790-1) libnspr4_4.10.10-0ubuntu0.15.10.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-2819-1) thunderbird_38.3.0+build1-0ubuntu2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-2819-1) thunderbird_38.3.0+build1-0ubuntu2_amd64.debLinux
SUSE-SU-2015:1981-1(SUSE Linux Enterprise Desktop 11-SP3 ) mozilla-nspr-4.10.10-16.1.x86_64.rpmLinux
SUSE-SU-2015:1981-1(SUSE Linux Enterprise Desktop 11-SP3 ) mozilla-nspr-32bit-4.10.10-16.1.x86_64.rpmLinux
Update for Google Chrome (46.0.2490.71) (For Ubuntu)Linux
Update for Google Chrome (51.0.2704.63) (For Ubuntu)Linux
Update for Google Chrome (46.0.2490.71) (For Debian)Linux
Update for Google Chrome (51.0.2704.63) (For Debian)Linux
Update for Google Chrome (46.0.2490.71) (For Centos)Linux
Update for Google Chrome (51.0.2704.63) (For Centos)Linux
Update for Google Chrome (46.0.2490.71) (For RedHat)Linux
Update for Google Chrome (51.0.2704.63) (For RedHat)Linux
Update for Google Chrome (46.0.2490.71) (For Suse)Linux
Update for Google Chrome (51.0.2704.63) (For Suse)Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-7183)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-302187Update for Mozilla Firefox (42.0)
PATCH-302286Update for Mozilla Firefox ESR (38.4.0)
PATCH-302924Update for Google Chrome (46.0.2490.71)
PATCH-302925Update for Google Chrome x64 (46.0.2490.71)
PATCH-303017Update for Mozilla Thunderbird (38.4.0)
PATCH-303496Update for Google Chrome (51.0.2704.63)
PATCH-303497Update for Google Chrome x64 (51.0.2704.63)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234