CVE-2015-2724

Published: Jul 6, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Affected (28)

Products: Oracle: Solaris · Mozilla: Firefox, Firefox Esr, Thunderbird · Canonical: Ubuntu Linux · +2 more

Show all products

Oracle: Solaris · Mozilla: Firefox, Firefox Esr, Thunderbird · Canonical: Ubuntu Linux · Debian: Debian Linux · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit

1 product

3 products

1 product

1 product

3 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

15 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 31.0
Mozilla Firefox	Version 31.1.0
Mozilla Firefox	Version 31.1.1
Mozilla Firefox	Version 31.3.0
Mozilla Firefox	Version 31.5.1
Mozilla Firefox	Version 31.5.2
Mozilla Firefox	Version 31.5.3
Mozilla Firefox	Version 38.0
Mozilla Firefox Esr	Version 31.1
Mozilla Firefox Esr	Version 31.2
Mozilla Firefox Esr	Version 31.3
Mozilla Firefox Esr	Version 31.4
Mozilla Firefox Esr	Version 31.5
Mozilla Firefox Esr	Version 31.6.0
Mozilla Firefox Esr	Version 31.7.0

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10
Canonical Ubuntu Linux	Version 15.04
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Novell Suse Linux Enterprise Desktop	Version 12.0
Novell Suse Linux Enterprise Server	Version 11 sp4
Novell Suse Linux Enterprise Server	Version 12.0
Novell Suse Linux Enterprise Software Development Kit	Version 12.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	Up to 38.0.1

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 38.1.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (46)

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1207.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1455.html

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3300

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3324

Source: security@mozilla.org

Third Party Advisory

http://www.mozilla.org/security/announce/2015/mfsa2015-59.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/75541

Source: security@mozilla.org

http://www.securitytracker.com/id/1032783

Source: security@mozilla.org

http://www.securitytracker.com/id/1032784

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2656-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2656-2

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2673-1

Source: security@mozilla.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1143679

Source: security@mozilla.org

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1154876

Source: security@mozilla.org

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1160884

Source: security@mozilla.org

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1164567

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html