Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-371
Vulnerability from certfr_avis - Published: 2015-09-09 - Updated: 2015-09-09
De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Mozilla Firefox versions antérieures à 37.0 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 31.6 | ||
| Mozilla | Firefox ESR | Firefox ESR versions 31.x antérieures à 31.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 37.0",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 31.6",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions 31.x ant\u00e9rieures \u00e0 31.6",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2715",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2715"
},
{
"name": "CVE-2015-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0815"
},
{
"name": "CVE-2015-2711",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2711"
},
{
"name": "CVE-2015-2706",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2706"
},
{
"name": "CVE-2015-0814",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0814"
},
{
"name": "CVE-2015-0805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0805"
},
{
"name": "CVE-2015-0807",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0807"
},
{
"name": "CVE-2015-0806",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0806"
},
{
"name": "CVE-2015-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0801"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-0816",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0816"
},
{
"name": "CVE-2015-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0802"
},
{
"name": "CVE-2015-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0799"
},
{
"name": "CVE-2015-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0812"
},
{
"name": "CVE-2015-2717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2717"
},
{
"name": "CVE-2015-4496",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4496"
},
{
"name": "CVE-2015-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0803"
},
{
"name": "CVE-2015-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2708"
},
{
"name": "CVE-2015-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0804"
},
{
"name": "CVE-2015-0808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0808"
},
{
"name": "CVE-2015-0811",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0811"
},
{
"name": "CVE-2015-2718",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2718"
},
{
"name": "CVE-2015-2710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2710"
},
{
"name": "CVE-2015-2712",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2712"
},
{
"name": "CVE-2015-0813",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0813"
},
{
"name": "CVE-2015-2709",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2709"
},
{
"name": "CVE-2015-2713",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2713"
}
],
"initial_release_date": "2015-09-09T00:00:00",
"last_revision_date": "2015-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-371",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Mozilla\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 08 septembre 2015",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/"
}
]
}
CVE-2015-2712 (GCVE-0-2015-2712)
Vulnerability from cvelistv5 – Published: 2015-05-14 10:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
Summary
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2602-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/74611 | vdb-entryx_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1152280 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| http://www.mozilla.org/security/announce/2015/mfs… | x_refsource_CONFIRM |
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1152280"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-50.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1152280"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-50.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2602-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1152280",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1152280"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-50.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-50.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2712",
"datePublished": "2015-05-14T10:00:00.000Z",
"dateReserved": "2015-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2713 (GCVE-0-2015-2713)
Vulnerability from cvelistv5 – Published: 2015-05-14 10:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
Summary
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "RHSA-2015:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "openSUSE-SU-2015:0892",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"
},
{
"name": "DSA-3264",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3264"
},
{
"name": "DSA-3260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3260"
},
{
"name": "SUSE-SU-2015:0978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "USN-2603-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2603-1"
},
{
"name": "SUSE-SU-2015:0960",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"
},
{
"name": "RHSA-2015:1012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "RHSA-2015:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "openSUSE-SU-2015:0892",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"
},
{
"name": "DSA-3264",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3264"
},
{
"name": "DSA-3260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3260"
},
{
"name": "SUSE-SU-2015:0978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "USN-2603-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2603-1"
},
{
"name": "SUSE-SU-2015:0960",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"
},
{
"name": "RHSA-2015:1012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2602-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "RHSA-2015:0988",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"
},
{
"name": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"
},
{
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "openSUSE-SU-2015:0892",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"
},
{
"name": "DSA-3264",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3264"
},
{
"name": "DSA-3260",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3260"
},
{
"name": "SUSE-SU-2015:0978",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "USN-2603-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2603-1"
},
{
"name": "SUSE-SU-2015:0960",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"
},
{
"name": "RHSA-2015:1012",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2713",
"datePublished": "2015-05-14T10:00:00.000Z",
"dateReserved": "2015-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2715 (GCVE-0-2015-2715)
Vulnerability from cvelistv5 – Published: 2015-05-14 10:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
Summary
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2602-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/74611 | vdb-entryx_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=988698 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| http://www.mozilla.org/security/announce/2015/mfs… | x_refsource_CONFIRM |
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=988698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-53.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=988698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-53.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2602-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=988698",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=988698"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-53.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-53.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2715",
"datePublished": "2015-05-14T10:00:00.000Z",
"dateReserved": "2015-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2716 (GCVE-0-2015-2716)
Vulnerability from cvelistv5 – Published: 2015-05-14 10:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
Summary
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:37.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "RHSA-2015:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "openSUSE-SU-2015:0892",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"name": "DSA-3264",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3264"
},
{
"name": "DSA-3260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3260"
},
{
"name": "SUSE-SU-2015:0978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
},
{
"name": "USN-2603-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2603-1"
},
{
"name": "SUSE-SU-2015:0960",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"
},
{
"name": "RHSA-2015:1012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:11.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "RHSA-2015:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "openSUSE-SU-2015:0892",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"name": "DSA-3264",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3264"
},
{
"name": "DSA-3260",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3260"
},
{
"name": "SUSE-SU-2015:0978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
},
{
"name": "USN-2603-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2603-1"
},
{
"name": "SUSE-SU-2015:0960",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"
},
{
"name": "RHSA-2015:1012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2602-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "RHSA-2015:0988",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"
},
{
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "openSUSE-SU-2015:0892",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"name": "DSA-3264",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3264"
},
{
"name": "DSA-3260",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3260"
},
{
"name": "SUSE-SU-2015:0978",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"
},
{
"name": "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c",
"refsource": "CONFIRM",
"url": "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
},
{
"name": "USN-2603-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2603-1"
},
{
"name": "SUSE-SU-2015:0960",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"
},
{
"name": "RHSA-2015:1012",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2716",
"datePublished": "2015-05-14T10:00:00.000Z",
"dateReserved": "2015-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:37.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2717 (GCVE-0-2015-2717)
Vulnerability from cvelistv5 – Published: 2015-05-14 10:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
Summary
Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2602-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/74611 | vdb-entryx_refsource_BID |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2015/mfs… | x_refsource_CONFIRM |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1154683 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-55.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154683"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-55.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154683"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2602-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-55.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-55.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154683",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154683"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2717",
"datePublished": "2015-05-14T10:00:00.000Z",
"dateReserved": "2015-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2718 (GCVE-0-2015-2718)
Vulnerability from cvelistv5 – Published: 2015-05-14 10:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
Summary
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2602-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/74611 | vdb-entryx_refsource_BID |
| http://www.mozilla.org/security/announce/2015/mfs… | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1146724 | x_refsource_CONFIRM |
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-56.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1146724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2602-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-56.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1146724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2602-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2602-1"
},
{
"name": "74611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74611"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-56.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-56.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1146724",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1146724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2718",
"datePublished": "2015-05-14T10:00:00.000Z",
"dateReserved": "2015-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4496 (GCVE-0-2015-4496)
Vulnerability from cvelistv5 – Published: 2015-08-16 01:00 – Updated: 2024-08-06 06:18
VLAI
EPSS
Summary
Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1149605 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mozilla.org/security/announce/2015/mfs… | x_refsource_CONFIRM |
| https://hg.mozilla.org/mozilla-central/rev/87277085561a | x_refsource_CONFIRM |
Date Public
2015-08-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1149605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-93.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hg.mozilla.org/mozilla-central/rev/87277085561a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-30T12:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1149605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-93.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hg.mozilla.org/mozilla-central/rev/87277085561a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1149605",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1149605"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-93.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-93.html"
},
{
"name": "https://hg.mozilla.org/mozilla-central/rev/87277085561a",
"refsource": "CONFIRM",
"url": "https://hg.mozilla.org/mozilla-central/rev/87277085561a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-4496",
"datePublished": "2015-08-16T01:00:00.000Z",
"dateReserved": "2015-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:11.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…