CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
80.0%
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in
Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before
38.1, and Thunderbird before 38.1 reads data from uninitialized memory
locations, which has unspecified impact and attack vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 39.0+build5-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 39.0+build5-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | firefox | < 39.0+build5-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 39.0+build5-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.15.04.1 | UNKNOWN |
www.mozilla.org/security/announce/2015/mfsa2015-66.html
bugzilla.mozilla.org/show_bug.cgi?id=1167332
launchpad.net/bugs/cve/CVE-2015-2737
nvd.nist.gov/vuln/detail/CVE-2015-2737
security-tracker.debian.org/tracker/CVE-2015-2737
ubuntu.com/security/notices/USN-2656-1
ubuntu.com/security/notices/USN-2656-2
ubuntu.com/security/notices/USN-2673-1
www.cve.org/CVERecord?id=CVE-2015-2737
www.mozilla.org/en-US/security/advisories/mfsa2015-66/