Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-4485

Description

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Affected products

Mozilla Corporation/Firefox5 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=39.0.3
- cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
osv-coords51 versions
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed pkg:rpm/suse/firefox-gcc47&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-LTSS pkg:rpm/suse/firefox-gcc47&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-TERADATA pkg:rpm/suse/firefox-gcc47&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-LTSS pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-TERADATA pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-TERADATA pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-LTSS pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP1-TERADATA pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 128.5.1-1.1+ 50 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
- (no CPE)range: < 4.7.2_20130108-0.37.2
- (no CPE)range: < 4.7.2_20130108-0.37.2
- (no CPE)range: < 4.7.2_20130108-0.37.2
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-0.5.7.11
- (no CPE)range: < 31.0-0.5.7.11
- (no CPE)range: < 31.0-0.5.7.11
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-0.12.51
- (no CPE)range: < 31.0-14.1
- (no CPE)range: < 31.0-14.1
- (no CPE)range: < 31.0-14.1
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-45.1
- (no CPE)range: < 38.2.0esr-10.1
- (no CPE)range: < 38.2.0esr-10.1
- (no CPE)range: < 38.2.0esr-10.1
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-45.1
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-45.1
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-19.3
- (no CPE)range: < 38.2.1esr-45.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-26.2
- (no CPE)range: < 3.19.2.0-0.7.1
- (no CPE)range: < 3.19.2.0-0.7.1
- (no CPE)range: < 3.19.2.0-0.7.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-26.2
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-26.2
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-0.16.1
- (no CPE)range: < 3.19.2.0-26.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.htmlnvdThird Party Advisory
www.mozilla.org/security/announce/2015/mfsa2015-89.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
www.ubuntu.com/usn/USN-2702-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2702-2nvdThird Party Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.htmlnvd
lists.opensuse.org/opensuse-updates/2015-08/msg00030.htmlnvd
lists.opensuse.org/opensuse-updates/2015-08/msg00031.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1586.htmlnvd
www.securitytracker.com/id/1033247nvd
www.ubuntu.com/usn/USN-2702-3nvd
security.gentoo.org/glsa/201605-06nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000