Red Hat Bugzilla – Bug 1265591
CVE-2015-4503 Mozilla: Memory leak in mozTCPSocket to servers (MFSA 2015-97)
Last modified: 2015-09-24 08:41:06 EDT
Security researcher David Chan reported that Mozilla's mozTCPSocket
implementation could leak data past the end of an array allowing for the
potential exposure of memory or private data to malicious servers.
This feature is used by Firefox OS and is disabled by default in Firefox on
other operating systems.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Chan as the original reporter.