[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-2736Date: (C)2015-07-08   (M)2024-03-27


The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032783
SECTRACK-1032784
BID-75541
DSA-3300
DSA-3324
GLSA-201512-10
RHSA-2015:1207
RHSA-2015:1455
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2673-1
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1167888
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    22
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:firefox_esr:31.1.0
cpe:/o:debian:debian_linux:7.0
cpe:/a:mozilla:firefox_esr:31.5.1
...
CWE    1
CWE-17
OVAL    25
oval:org.secpod.oval:def:1501056
oval:org.secpod.oval:def:1501057
oval:org.secpod.oval:def:1501058
oval:org.secpod.oval:def:203673
...

© SecPod Technologies