Your submission was sent successfully! Close

CVE-2015-4475

Published: 11 August 2015

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
precise
Released (40.0+build4-0ubuntu0.12.04.1)
trusty Does not exist
(trusty was released [40.0+build4-0ubuntu0.14.04.1])
upstream
Released (40.0)
vivid
Released (40.0+build4-0ubuntu0.15.04.1)