CVE-2015-2725

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1207.html

http://rhn.redhat.com/errata/RHSA-2015-1455.html

http://www.mozilla.org/security/announce/2015/mfsa2015-59.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75541

http://www.securitytracker.com/id/1032783

http://www.securitytracker.com/id/1032784

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

https://bugzilla.mozilla.org/show_bug.cgi?id=1056410

https://bugzilla.mozilla.org/show_bug.cgi?id=1151650

https://bugzilla.mozilla.org/show_bug.cgi?id=1156861

https://bugzilla.mozilla.org/show_bug.cgi?id=1159321

https://bugzilla.mozilla.org/show_bug.cgi?id=1159973

https://bugzilla.mozilla.org/show_bug.cgi?id=1163359

https://bugzilla.mozilla.org/show_bug.cgi?id=1163852

https://bugzilla.mozilla.org/show_bug.cgi?id=1172076

https://bugzilla.mozilla.org/show_bug.cgi?id=1172397

https://security.gentoo.org/glsa/201512-10

Details

Source: MITRE

Published: 2015-07-06

Updated: 2016-12-28

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
87710GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)NessusGentoo Local Security Checks
critical
8879Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)Nessus Network MonitorSMTP Clients
critical
8855Mozilla Firefox < 39.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
85721SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)NessusSuSE Local Security Checks
low
84899SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1269-1)NessusSuSE Local Security Checks
critical
84898SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1268-2)NessusSuSE Local Security Checks
critical
84895Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150720)NessusScientific Linux Local Security Checks
critical
84893RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1455)NessusRed Hat Local Security Checks
critical
84890Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1455)NessusOracle Linux Local Security Checks
critical
84884CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1455)NessusCentOS Local Security Checks
critical
84864openSUSE Security Update : MozillaThunderbird (openSUSE-2015-495) (Logjam)NessusSuSE Local Security Checks
low
84794Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)NessusUbuntu Local Security Checks
low
84780FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)NessusFreeBSD Local Security Checks
low
84720openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-480) (Logjam)NessusSuSE Local Security Checks
low
84664Ubuntu 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2656-1) (Logjam)NessusUbuntu Local Security Checks
low
84582Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)NessusWindows
critical
84580Firefox ESR < 38.1 Multiple Vulnerabilities (Logjam)NessusWindows
critical
84578Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)NessusMacOS X Local Security Checks
critical
84577Firefox < 39.0 Multiple Vulnerabilities (Mac OS X) (Logjam)NessusMacOS X Local Security Checks
critical
84550CentOS 5 / 6 / 7 : firefox (CESA-2015:1207)NessusCentOS Local Security Checks
critical
84543Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150703)NessusScientific Linux Local Security Checks
critical
84535RHEL 5 / 6 / 7 : firefox (RHSA-2015:1207)NessusRed Hat Local Security Checks
critical
84534Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1207)NessusOracle Linux Local Security Checks
critical