CVE-2015-2734

Published: Jul 6, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Affected (28)

Products: Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit, Suse Linux Enterprise Server · Mozilla: Firefox, Firefox Esr, Thunderbird · Canonical: Ubuntu Linux · +2 more

Show all products

Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit, Suse Linux Enterprise Server · Mozilla: Firefox, Firefox Esr, Thunderbird · Canonical: Ubuntu Linux · Debian: Debian Linux · Oracle: Solaris

4 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

Suse Linux Enterprise Server

3 products

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 12
Suse Linux Enterprise Server	Version 11 sp4
Suse Linux Enterprise Software Development Kit	Version 12
Suse Suse Linux Enterprise Server	Version 12

Configuration B

15 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 31.0
Mozilla Firefox	Version 31.1.0
Mozilla Firefox	Version 31.1.1
Mozilla Firefox	Version 31.3.0
Mozilla Firefox	Version 31.5.1
Mozilla Firefox	Version 31.5.2
Mozilla Firefox	Version 31.5.3
Mozilla Firefox	Version 38.0
Mozilla Firefox Esr	Version 31.1
Mozilla Firefox Esr	Version 31.2
Mozilla Firefox Esr	Version 31.3
Mozilla Firefox Esr	Version 31.4
Mozilla Firefox Esr	Version 31.5
Mozilla Firefox Esr	Version 31.6.0
Mozilla Firefox Esr	Version 31.7.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10
Canonical Ubuntu Linux	Version 15.04

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 38.1.0

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	Up to 38.0.1

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Related CWEs

References (40)

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1207.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1455.html

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3300

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3324

Source: security@mozilla.org

Third Party Advisory

http://www.mozilla.org/security/announce/2015/mfsa2015-66.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/75541

Source: security@mozilla.org

http://www.securitytracker.com/id/1032783

Source: security@mozilla.org

http://www.securitytracker.com/id/1032784

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2656-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2656-2

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2673-1

Source: security@mozilla.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1166082

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1207.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1455.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3300

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3324

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mozilla.org/security/announce/2015/mfsa2015-66.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/75541

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032783

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032784

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2656-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2656-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2673-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1166082

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://security.gentoo.org/glsa/201512-10

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.