Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
http://rhn.redhat.com/errata/RHSA-2015-0988.html
http://rhn.redhat.com/errata/RHSA-2015-1012.html
http://www.debian.org/security/2015/dsa-3260
http://www.debian.org/security/2015/dsa-3264
http://www.mozilla.org/security/announce/2015/mfsa2015-54.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/74611
http://www.ubuntu.com/usn/USN-2602-1
http://www.ubuntu.com/usn/USN-2603-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1140537
https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
https://security.gentoo.org/glsa/201605-06
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 37.0.2 (inclusive)
OR
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
OR
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 31.5 (inclusive)
OR
OR
cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144005 | NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Vulnerability (NS-SA-2020-0116) | Nessus | NewStart CGSL Local Security Checks | high |
143942 | NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Vulnerability (NS-SA-2020-0077) | Nessus | NewStart CGSL Local Security Checks | high |
137414 | RHEL 7 : expat (RHSA-2020:2508) | Nessus | Red Hat Local Security Checks | high |
136625 | Amazon Linux AMI : expat (ALAS-2020-1364) | Nessus | Amazon Linux Local Security Checks | high |
135808 | Scientific Linux Security Update : expat on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high |
135315 | CentOS 7 : expat (CESA-2020:1011) | Nessus | CentOS Local Security Checks | high |
135066 | RHEL 7 : expat (RHSA-2020:1011) | Nessus | Red Hat Local Security Checks | high |
701255 | Mozilla Firefox ESR < 31.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
97446 | F5 Networks BIG-IP : Expat XML library vulnerability (K50459349) | Nessus | F5 Networks Local Security Checks | high |
93971 | F5 Networks BIG-IP : Expat XML library vulnerability (K15104541) | Nessus | F5 Networks Local Security Checks | high |
91379 | GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH) | Nessus | Gentoo Local Security Checks | critical |
8868 | Mozilla Thunderbird < 31.7 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | critical |
8865 | Mozilla Firefox < 38.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
83947 | SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:0978-1) | Nessus | SuSE Local Security Checks | high |
83870 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:0960-1) | Nessus | SuSE Local Security Checks | high |
83801 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-375) | Nessus | SuSE Local Security Checks | critical |
83800 | openSUSE Security Update : MozillaThunderbird (openSUSE-2015-374) | Nessus | SuSE Local Security Checks | critical |
83547 | Debian DSA-3264-1 : icedove - security update | Nessus | Debian Local Security Checks | high |
83544 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : thunderbird vulnerabilities (USN-2603-1) | Nessus | Ubuntu Local Security Checks | high |
83538 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150518) | Nessus | Scientific Linux Local Security Checks | high |
83537 | RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1012) | Nessus | Red Hat Local Security Checks | critical |
83535 | Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1012) | Nessus | Oracle Linux Local Security Checks | critical |
83530 | CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1012) | Nessus | CentOS Local Security Checks | critical |
83464 | Mozilla Thunderbird < 31.7 Multiple Vulnerabilities | Nessus | Windows | critical |
83463 | Mozilla Thunderbird < 31.7 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
83450 | Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150512) | Nessus | Scientific Linux Local Security Checks | high |
83439 | Firefox < 38.0 Multiple Vulnerabilities | Nessus | Windows | critical |
83438 | Firefox ESR 31.x < 31.7 Multiple Vulnerabilities | Nessus | Windows | critical |
83437 | Firefox < 38.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
83436 | Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
83434 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2602-1) | Nessus | Ubuntu Local Security Checks | high |
83423 | Debian DSA-3260-1 : iceweasel - security update | Nessus | Debian Local Security Checks | critical |
83409 | RHEL 5 / 6 / 7 : firefox (RHSA-2015:0988) | Nessus | Red Hat Local Security Checks | high |
83403 | Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0988) | Nessus | Oracle Linux Local Security Checks | high |
83389 | FreeBSD : mozilla -- multiple vulnerabilities (d9b43004-f5fd-4807-b1d7-dbf66455b244) | Nessus | FreeBSD Local Security Checks | critical |
83378 | CentOS 5 / 6 / 7 : firefox (CESA-2015:0988) | Nessus | CentOS Local Security Checks | high |