SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2015-2735

Date: (C)2015-07-08 (M)2024-03-27

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1032783

SECTRACK-1032784

SUSE-SU-2015:1268

SUSE-SU-2015:1269

SUSE-SU-2015:1449

http://www.mozilla.org/security/announce/2015/mfsa2015-66.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1166900

openSUSE-SU-2015:1229

openSUSE-SU-2015:1266

cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:firefox_esr:31.1.0
cpe:/a:mozilla:firefox_esr:31.5.1
cpe:/a:mozilla:firefox_esr:31.5.2
...

oval:org.secpod.oval:def:1501056
oval:org.secpod.oval:def:1501057
oval:org.secpod.oval:def:1501058
oval:org.secpod.oval:def:203673
...

© SecPod Technologies