CVE-2015-2716

HIGH

Description

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

References

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

http://rhn.redhat.com/errata/RHSA-2015-0988.html

http://rhn.redhat.com/errata/RHSA-2015-1012.html

http://www.debian.org/security/2015/dsa-3260

http://www.debian.org/security/2015/dsa-3264

http://www.mozilla.org/security/announce/2015/mfsa2015-54.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/74611

http://www.ubuntu.com/usn/USN-2602-1

http://www.ubuntu.com/usn/USN-2603-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1140537

https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c

https://security.gentoo.org/glsa/201605-06

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

https://www.tenable.com/security/tns-2016-20

Details

Source: MITRE

Published: 2015-05-14

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH