CVE-2015-7194

HIGH

Description

Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.

References

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html

http://rhn.redhat.com/errata/RHSA-2015-1982.html

http://www.debian.org/security/2015/dsa-3393

http://www.debian.org/security/2015/dsa-3410

http://www.mozilla.org/security/announce/2015/mfsa2015-128.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/77411

http://www.securitytracker.com/id/1034069

http://www.ubuntu.com/usn/USN-2785-1

http://www.ubuntu.com/usn/USN-2819-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1211262

https://security.gentoo.org/glsa/201512-10

Details

Source: MITRE

Published: 2015-11-05

Updated: 2016-12-07

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 41.0.2 (inclusive)

Configuration 2

cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

ID	Name	Product	Family	Severity
9151	Mozilla Thunderbird < 38.4 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
87710	GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)	Nessus	Gentoo Local Security Checks	critical
87441	openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-885)	Nessus	SuSE Local Security Checks	high
87390	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-877)	Nessus	SuSE Local Security Checks	high
9018	Mozilla Firefox < 42.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
87168	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : thunderbird vulnerabilities (USN-2819-1)	Nessus	Ubuntu Local Security Checks	high
87164	Debian DSA-3410-1 : icedove - security update	Nessus	Debian Local Security Checks	critical
87110	Mozilla Thunderbird < 38.4 Multiple Vulnerabilities	Nessus	Windows	high
87109	Mozilla Thunderbird < 38.4 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
87063	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)	Nessus	SuSE Local Security Checks	critical
86955	FreeBSD : mozilla -- multiple vulnerabilities (9d04936c-75f1-4a2c-9ade-4c1708be5df9)	Nessus	FreeBSD Local Security Checks	high
86870	SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1981-1)	Nessus	SuSE Local Security Checks	high
86868	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1978-1)	Nessus	SuSE Local Security Checks	high
86808	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1926-1)	Nessus	SuSE Local Security Checks	high
86807	openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss / etc (openSUSE-2015-718)	Nessus	SuSE Local Security Checks	high
86764	Firefox < 42 Multiple Vulnerabilities	Nessus	Windows	high
86763	Firefox ESR < 38.4 Multiple Vulnerabilities	Nessus	Windows	high
86762	Firefox < 42 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
86761	Firefox ESR < 38.4 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
86758	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerabilities (USN-2785-1)	Nessus	Ubuntu Local Security Checks	high
86748	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20151104)	Nessus	Scientific Linux Local Security Checks	high
86746	RHEL 5 / 6 / 7 : firefox (RHSA-2015:1982)	Nessus	Red Hat Local Security Checks	high
86743	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1982)	Nessus	Oracle Linux Local Security Checks	high
86728	Debian DSA-3393-1 : iceweasel - security update	Nessus	Debian Local Security Checks	high
86726	CentOS 5 / 6 / 7 : firefox (CESA-2015:1982)	Nessus	CentOS Local Security Checks	high