1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
PublicDateAtUSN: 2015-02-25
Candidate: CVE-2015-0826
PublicDate: 2015-02-25
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
https://bugzilla.mozilla.org/show_bug.cgi?id=1092363
http://www.mozilla.org/security/announce/2015/mfsa2015-20.html
http://www.ubuntu.com/usn/usn-2505-1
Description:
The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox
before 36.0 allows remote attackers to execute arbitrary code or cause a
denial of service (out-of-bounds read of heap memory) via a crafted
Cascading Style Sheets (CSS) token sequence that triggers a restyle or
reflow operation.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Atte Kettunen
Assigned-to: chrisccoulson
Patches_firefox:
upstream_firefox: released (36)
lucid_firefox: ignored (reached end of life)
precise_firefox: released (36.0+build2-0ubuntu0.12.04.5)
trusty_firefox: released (36.0+build2-0ubuntu0.14.04.4)
utopic_firefox: released (36.0+build2-0ubuntu0.14.10.4)
devel_firefox: released (36.0+build2-0ubuntu4)
|