CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
80.0%
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9
implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8
and 38.x before 38.1, and Thunderbird before 38.1 reads data from
uninitialized memory locations, which has unspecified impact and attack
vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 39.0+build5-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 39.0+build5-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | firefox | < 39.0+build5-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 39.0+build5-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.15.04.1 | UNKNOWN |
www.mozilla.org/security/announce/2015/mfsa2015-66.html
bugzilla.mozilla.org/show_bug.cgi?id=1166082
launchpad.net/bugs/cve/CVE-2015-2734
nvd.nist.gov/vuln/detail/CVE-2015-2734
security-tracker.debian.org/tracker/CVE-2015-2734
ubuntu.com/security/notices/USN-2656-1
ubuntu.com/security/notices/USN-2656-2
ubuntu.com/security/notices/USN-2673-1
www.cve.org/CVERecord?id=CVE-2015-2734
www.mozilla.org/en-US/security/advisories/mfsa2015-66/