Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-0831

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.

Related bugs and status

CVE-2015-0831 (Candidate) is related to these bugs:

Bug #1427555: Update to 31.5.0

Summary				In	Importance	Status
	1427555	Update to 31.5.0		thunderbird (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
BID: 72746
SECTRACK: 1031791
SECTRACK: 1031792
DEBIAN: DSA-3174
REDHAT: RHSA-2015:0265
REDHAT: RHSA-2015:0266
UBUNTU: USN-2505-1
SUSE: SUSE-SU-2015:0412
UBUNTU: USN-2506-1
DEBIAN: DSA-3179
REDHAT: RHSA-2015:0642
SUSE: SUSE-SU-2015:0446
SUSE: SUSE-SU-2015:0447
SUSE: openSUSE-SU-2015:0448
SUSE: openSUSE-SU-2015:0404
SUSE: openSUSE-SU-2015:0567
SUSE: openSUSE-SU-2015:0570
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201504-01
SUSE: openSUSE-SU-2015:1266