CVE-2015-2736

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
mozillafirefox
𝑥
≤ 38.1.0
mozillathunderbird
𝑥
≤ 38.0.1
mozillafirefox
31.0
mozillafirefox
31.1.0
mozillafirefox
31.1.1
mozillafirefox
31.3.0
mozillafirefox
31.5.1
mozillafirefox
31.5.2
mozillafirefox
31.5.3
mozillafirefox
38.0
mozillafirefox_esr
31.1
mozillafirefox_esr
31.2
mozillafirefox_esr
31.3
mozillafirefox_esr
31.4
mozillafirefox_esr
31.5
mozillafirefox_esr
31.6.0
mozillafirefox_esr
31.7.0
oraclesolaris
11.3
novellsuse_linux_enterprise_software_development_kit
12.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
debiandebian_linux
7.0
debiandebian_linux
8.0
novellsuse_linux_enterprise_desktop
12.0
novellsuse_linux_enterprise_server
12.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
vivid
Fixed 39.0+build5-0ubuntu0.15.04.1
released
utopic
Fixed 39.0+build5-0ubuntu0.14.10.1
released
trusty
Fixed 39.0+build5-0ubuntu0.14.04.1
released
precise
Fixed 39.0+build5-0ubuntu0.12.04.2
released
thunderbird
vivid
Fixed 1:31.8.0+build1-0ubuntu0.15.04.1
released
utopic
Fixed 1:31.8.0+build1-0ubuntu0.14.10.1
released
trusty
Fixed 1:31.8.0+build1-0ubuntu0.14.04.1
released
precise
Fixed 1:31.8.0+build1-0ubuntu0.12.04.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://rhn.redhat.com/errata/RHSA-2015-1455.html
http://www.debian.org/security/2015/dsa-3300
http://www.debian.org/security/2015/dsa-3324
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1167888
https://security.gentoo.org/glsa/201512-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://rhn.redhat.com/errata/RHSA-2015-1455.html
http://www.debian.org/security/2015/dsa-3300
http://www.debian.org/security/2015/dsa-3324
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1167888
https://security.gentoo.org/glsa/201512-10