CVE-2015-0805 | Vulnerability Database | Aqua Security

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.

Affected Software

Name	Vendor	Start Version	End Version
Opensuse	Opensuse	13.1 (including)	13.1 (including)
Opensuse	Opensuse	13.2 (including)	13.2 (including)
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	lucid	*
Firefox	Ubuntu	precise	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	utopic	*

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
http://www.mozilla.org/security/announce/2015/mfsa2015-38.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1031996
http://www.ubuntu.com/usn/USN-2550-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1135511
https://security.gentoo.org/glsa/201512-10
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
http://www.mozilla.org/security/announce/2015/mfsa2015-38.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1031996
http://www.ubuntu.com/usn/USN-2550-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1135511
https://security.gentoo.org/glsa/201512-10

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0805
CWE	https://cwe.mitre.org/data/definitions/17.html