[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-2734Date: (C)2015-07-08   (M)2018-11-17


The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032783
SECTRACK-1032784
BID-75541
DSA-3300
DSA-3324
GLSA-201512-10
RHSA-2015:1207
RHSA-2015:1455
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2673-1
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1166082
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    20
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:firefox_esr:31.1.0
cpe:/a:mozilla:firefox_esr:31.5.1
...
CWE    1
CWE-17
OVAL    21
oval:org.secpod.oval:def:602185
oval:org.secpod.oval:def:1501056
oval:org.secpod.oval:def:1501057
oval:org.secpod.oval:def:1501058
...

© SecPod Technologies