CVE-2015-2716

HIGH

Description

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

References

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

http://rhn.redhat.com/errata/RHSA-2015-0988.html

http://rhn.redhat.com/errata/RHSA-2015-1012.html

http://www.debian.org/security/2015/dsa-3260

http://www.debian.org/security/2015/dsa-3264

http://www.mozilla.org/security/announce/2015/mfsa2015-54.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/74611

http://www.ubuntu.com/usn/USN-2602-1

http://www.ubuntu.com/usn/USN-2603-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1140537

https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c

https://security.gentoo.org/glsa/201605-06

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

https://www.tenable.com/security/tns-2016-20

Details

Source: MITRE

Published: 2015-05-14

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
97446	F5 Networks BIG-IP : Expat XML library vulnerability (K50459349)	Nessus	F5 Networks Local Security Checks	high
93971	F5 Networks BIG-IP : Expat XML library vulnerability (K15104541)	Nessus	F5 Networks Local Security Checks	high
91379	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)	Nessus	Gentoo Local Security Checks	critical
8868	Mozilla Thunderbird < 31.7 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	critical
8865	Mozilla Firefox < 38.0 / Firefox ESR < 31.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
83947	SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:0978-1)	Nessus	SuSE Local Security Checks	high
83870	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:0960-1)	Nessus	SuSE Local Security Checks	high
83801	openSUSE Security Update : MozillaFirefox (openSUSE-2015-375)	Nessus	SuSE Local Security Checks	critical
83800	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-374)	Nessus	SuSE Local Security Checks	critical
83547	Debian DSA-3264-1 : icedove - security update	Nessus	Debian Local Security Checks	high
83544	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : thunderbird vulnerabilities (USN-2603-1)	Nessus	Ubuntu Local Security Checks	high
83538	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
83537	RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1012)	Nessus	Red Hat Local Security Checks	critical
83535	Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1012)	Nessus	Oracle Linux Local Security Checks	critical
83530	CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1012)	Nessus	CentOS Local Security Checks	critical
83464	Mozilla Thunderbird < 31.7 Multiple Vulnerabilities	Nessus	Windows	critical
83463	Mozilla Thunderbird < 31.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
83450	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
83439	Firefox < 38.0 Multiple Vulnerabilities	Nessus	Windows	high
83438	Firefox ESR 31.x < 31.7 Multiple Vulnerabilities	Nessus	Windows	high
83437	Firefox < 38.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
83436	Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
83434	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2602-1)	Nessus	Ubuntu Local Security Checks	high
83423	Debian DSA-3260-1 : iceweasel - security update	Nessus	Debian Local Security Checks	critical
83409	RHEL 5 / 6 / 7 : firefox (RHSA-2015:0988)	Nessus	Red Hat Local Security Checks	high
83403	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0988)	Nessus	Oracle Linux Local Security Checks	high
83389	FreeBSD : mozilla -- multiple vulnerabilities (d9b43004-f5fd-4807-b1d7-dbf66455b244)	Nessus	FreeBSD Local Security Checks	critical
83378	CentOS 5 / 6 / 7 : firefox (CESA-2015:0988)	Nessus	CentOS Local Security Checks	high