The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
| Link | Tags |
|---|---|
| http://www.securitytracker.com/id/1031958 | vdb entry |
| http://www.mozilla.org/security/announce/2015/mfsa2015-29.html | vendor advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1145255 | |
| http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html | vendor advisory |
| http://www.securityfocus.com/bid/73263 | vdb entry |
| http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html | vendor advisory |
| https://security.gentoo.org/glsa/201504-01 | vendor advisory |
| http://rhn.redhat.com/errata/RHSA-2015-0718.html | vendor advisory |
| http://www.debian.org/security/2015/dsa-3201 | vendor advisory |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | |
| http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html | vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html | vendor advisory |
| http://www.ubuntu.com/usn/USN-2538-1 | vendor advisory |