Lucene search

[email protected]NVD:CVE-2015-2737

HistoryJul 06, 2015 - 2:01 a.m.

CVE-2015-2737

2015-07-0602:01:06

CWE-17

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

3.9

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Affected configurations

Nvd

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1

mozillafirefox_esrMatch31.1.0

mozillafirefox_esrMatch31.1.1

mozillafirefox_esrMatch31.2

mozillafirefox_esrMatch31.3

mozillafirefox_esrMatch31.3.0

mozillafirefox_esrMatch31.4

mozillafirefox_esrMatch31.5

mozillafirefox_esrMatch31.5.1

mozillafirefox_esrMatch31.5.2

mozillafirefox_esrMatch31.5.3

mozillafirefox_esrMatch31.6.0

mozillafirefox_esrMatch31.7.0

mozillafirefox_esrMatch38.0

Node

mozillafirefoxRange≤38.1.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

Node

oraclesolarisMatch11.3

Node

suselinux_enterprise_desktopMatch12

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_software_development_kitMatch12

susesuse_linux_enterprise_serverMatch12

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

mozillathunderbirdRange≤38.0.1

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1207.html

rhn.redhat.com/errata/RHSA-2015-1455.html

www.debian.org/security/2015/dsa-3300

www.debian.org/security/2015/dsa-3324

www.mozilla.org/security/announce/2015/mfsa2015-66.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75541

www.securitytracker.com/id/1032783

www.securitytracker.com/id/1032784

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2673-1

bugzilla.mozilla.org/show_bug.cgi?id=1167332

security.gentoo.org/glsa/201512-10

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

3.9

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

Related for NVD:CVE-2015-2737

prion1 ubuntucve1 cvelist1 cve1 mozilla1 openvas33 mageia2 debian2 nessus30 ubuntu3 centos2 redhat2 oraclelinux2 archlinux2 osv1 suse6 veracode15 kaspersky1 securityvulns1 freebsd1 ibm2 gentoo1