CVE-2015-0813

N/A Unknown

Published: April 01, 2015 Modified: November 25, 2025

Description

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-0766.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-0771.html

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3211

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3212

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-31.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/73463

Source: security@mozilla.org

http://www.securitytracker.com/id/1031996

Source: security@mozilla.org

http://www.securitytracker.com/id/1032000

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2550-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2552-1

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1106596

Source: security@mozilla.org

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0766.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0771.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3211

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2015/mfsa2015-31.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/73463

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031996

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032000

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2550-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2552-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1106596

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201512-10

Source: af854a3a-2127-422b-91ae-364da2661108

34 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.8%

86th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

mozilla linux