Lucene search

[email protected]NVD:CVE-2015-2724

HistoryJul 06, 2015 - 2:00 a.m.

CVE-2015-2724

2015-07-0602:00:55

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

83.2%

JSON

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Affected configurations

Nvd

Node

oraclesolarisMatch11.3

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1

mozillafirefox_esrMatch31.1.0

mozillafirefox_esrMatch31.1.1

mozillafirefox_esrMatch31.2

mozillafirefox_esrMatch31.3

mozillafirefox_esrMatch31.3.0

mozillafirefox_esrMatch31.4

mozillafirefox_esrMatch31.5

mozillafirefox_esrMatch31.5.1

mozillafirefox_esrMatch31.5.2

mozillafirefox_esrMatch31.5.3

mozillafirefox_esrMatch31.6.0

mozillafirefox_esrMatch31.7.0

mozillafirefox_esrMatch38.0

Node

novellsuse_linux_enterprise_software_development_kitMatch12.0

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_serverMatch11sp4

novellsuse_linux_enterprise_serverMatch12.0

Node

mozillathunderbirdRange≤38.0.1

Node

mozillafirefoxRange≤38.1.0

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1207.html

rhn.redhat.com/errata/RHSA-2015-1455.html

www.debian.org/security/2015/dsa-3300

www.debian.org/security/2015/dsa-3324

www.mozilla.org/security/announce/2015/mfsa2015-59.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75541

www.securitytracker.com/id/1032783

www.securitytracker.com/id/1032784

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2673-1

bugzilla.mozilla.org/show_bug.cgi?id=1143679

bugzilla.mozilla.org/show_bug.cgi?id=1154876

bugzilla.mozilla.org/show_bug.cgi?id=1160884

bugzilla.mozilla.org/show_bug.cgi?id=1164567

security.gentoo.org/glsa/201512-10

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

83.2%

JSON

Related for NVD:CVE-2015-2724

prion1 ubuntucve1 veracode16 cve1 cvelist1 openvas33 mozilla1 mageia2 debian2 nessus30 ubuntu3 centos2 redhat2 oraclelinux2 archlinux2 osv1 suse6 kaspersky1 securityvulns1 freebsd1 ibm2 gentoo1