Unrated severityNVD Advisory· Published Sep 24, 2015· Updated May 6, 2026

CVE-2015-4503

Description

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2015/mfsa2015-97.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.htmlnvd
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvd
www.securityfocus.com/bid/76815nvd
www.securitytracker.com/id/1033640nvd
bugzilla.mozilla.org/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000