CVE-2015-7214 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N
mozilla	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
opensuse	leap	42.1
opensuse	opensuse	13.1
opensuse	opensuse	13.2
mozilla	firefox	38.0
mozilla	firefox	38.0.1
mozilla	firefox	38.0.5
mozilla	firefox	38.1.0
mozilla	firefox	38.1.1
mozilla	firefox	38.2.0
mozilla	firefox	38.2.1
mozilla	firefox	38.3.0
mozilla	firefox	38.4.0
mozilla	firefox	𝑥 ≤ 42.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

wily	Fixed 43.0+build1-0ubuntu0.15.10.1 released
vivid	Fixed 43.0+build1-0ubuntu0.15.04.1 released
trusty	Fixed 43.0+build1-0ubuntu0.14.04.1 released
precise	Fixed 43.0+build1-0ubuntu0.12.04.1 released

thunderbird

wily	Fixed 1:38.5.1+build2-0ubuntu0.15.10.1 released
vivid	Fixed 1:38.5.1+build2-0ubuntu0.15.04.1 released
trusty	Fixed 1:38.5.1+build2-0ubuntu0.14.04.1 released
precise	Fixed 1:38.5.1+build2-0ubuntu0.12.04.1 released

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

http://rhn.redhat.com/errata/RHSA-2015-2657.html

http://www.debian.org/security/2015/dsa-3422

http://www.debian.org/security/2016/dsa-3432

http://www.mozilla.org/security/announce/2015/mfsa2015-149.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/79279

http://www.securitytracker.com/id/1034426

http://www.ubuntu.com/usn/USN-2833-1

http://www.ubuntu.com/usn/USN-2859-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1228950

https://security.gentoo.org/glsa/201512-10

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

http://rhn.redhat.com/errata/RHSA-2015-2657.html

http://www.debian.org/security/2015/dsa-3422

http://www.debian.org/security/2016/dsa-3432

http://www.mozilla.org/security/announce/2015/mfsa2015-149.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/79279

http://www.securitytracker.com/id/1034426

http://www.ubuntu.com/usn/USN-2833-1

http://www.ubuntu.com/usn/USN-2859-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1228950

https://security.gentoo.org/glsa/201512-10