CVE-2015-7205

Severity

99%

Complexity

99%

Confidentiality

165%

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 9 years ago

2015-12-16 11:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Fedora 22

22

Fedora Project Fedora 23

23

Mozilla Firefox ESR 38.0

38.0

Mozilla Firefox ESR 38.0.1

38.0.1

Mozilla Firefox ESR 38.0.5

38.0.5

Mozilla Firefox ESR 38.1.0

38.1.0

Mozilla Firefox ESR 38.1.1

38.1.1

Mozilla Firefox ESR 38.2.0

38.2.0

Mozilla Firefox ESR 38.2.1

38.2.1

Mozilla Firefox Extended Support Release (ESR) 38.3.0

38.3.0

Mozilla Firefox ESR 38.4.0

38.4.0

openSUSE Leap 42.1

42.1

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

Mozilla Firefox

References

FEDORA-2015-51b1105902

FEDORA-2015-7ab3d3afcf

SUSE-SU-2015:2334

SUSE-SU-2015:2335

SUSE-SU-2015:2336

openSUSE-SU-2015:2380

openSUSE-SU-2015:2406

openSUSE-SU-2015:2353

openSUSE-SU-2016:0307

openSUSE-SU-2016:0308

RHSA-2015:2657

DSA-3422

DSA-3432

http://www.mozilla.org/security/announce/2015/mfsa2015-145.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

79279

1034426

USN-2833-1

USN-2859-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1220493

GLSA-201512-10

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.