A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)
Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818)
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "36.0.4+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "36.0.4+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "36.0.4+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "36.0.4+build1-0ubuntu0.14.04.1"
}
]
}
{
"ecosystem": "Ubuntu:14.04:LTS",
"cves": [
{
"id": "CVE-2015-0817",
"severity": [
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2015-0818",
"severity": [
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2538-1.json"