CVE-2015-2724 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mozilla	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Vendor	Product	Version
oracle	solaris	11.3
mozilla	firefox	31.0
mozilla	firefox	31.1.0
mozilla	firefox	31.1.1
mozilla	firefox	31.3.0
mozilla	firefox	31.5.1
mozilla	firefox	31.5.2
mozilla	firefox	31.5.3
mozilla	firefox	38.0
mozilla	firefox_esr	31.1
mozilla	firefox_esr	31.2
mozilla	firefox_esr	31.3
mozilla	firefox_esr	31.4
mozilla	firefox_esr	31.5
mozilla	firefox_esr	31.6.0
mozilla	firefox_esr	31.7.0
novell	suse_linux_enterprise_software_development_kit	12.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
canonical	ubuntu_linux	15.04
debian	debian_linux	7.0
debian	debian_linux	8.0
novell	suse_linux_enterprise_desktop	12.0
novell	suse_linux_enterprise_server	12.0
mozilla	thunderbird	𝑥 ≤ 38.0.1
mozilla	firefox	𝑥 ≤ 38.1.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

vivid	Fixed 39.0+build5-0ubuntu0.15.04.1 released
utopic	Fixed 39.0+build5-0ubuntu0.14.10.1 released
trusty	Fixed 39.0+build5-0ubuntu0.14.04.1 released
precise	Fixed 39.0+build5-0ubuntu0.12.04.2 released

thunderbird

vivid	Fixed 1:31.8.0+build1-0ubuntu0.15.04.1 released
utopic	Fixed 1:31.8.0+build1-0ubuntu0.14.10.1 released
trusty	Fixed 1:31.8.0+build1-0ubuntu0.14.04.1 released
precise	Fixed 1:31.8.0+build1-0ubuntu0.12.04.1 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1207.html

http://rhn.redhat.com/errata/RHSA-2015-1455.html

http://www.debian.org/security/2015/dsa-3300

http://www.debian.org/security/2015/dsa-3324

http://www.mozilla.org/security/announce/2015/mfsa2015-59.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75541

http://www.securitytracker.com/id/1032783

http://www.securitytracker.com/id/1032784

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

http://www.ubuntu.com/usn/USN-2673-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1143679

https://bugzilla.mozilla.org/show_bug.cgi?id=1154876

https://bugzilla.mozilla.org/show_bug.cgi?id=1160884

https://bugzilla.mozilla.org/show_bug.cgi?id=1164567

https://security.gentoo.org/glsa/201512-10

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1207.html

http://rhn.redhat.com/errata/RHSA-2015-1455.html

http://www.debian.org/security/2015/dsa-3300

http://www.debian.org/security/2015/dsa-3324

http://www.mozilla.org/security/announce/2015/mfsa2015-59.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75541

http://www.securitytracker.com/id/1032783

http://www.securitytracker.com/id/1032784

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

http://www.ubuntu.com/usn/USN-2673-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1143679

https://bugzilla.mozilla.org/show_bug.cgi?id=1154876

https://bugzilla.mozilla.org/show_bug.cgi?id=1160884

https://bugzilla.mozilla.org/show_bug.cgi?id=1164567

https://security.gentoo.org/glsa/201512-10