Published: 14/05/2015 Updated: 12/09/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox prior to 38.0, Firefox ESR 31.x prior to 31.7, and Thunderbird prior to 31.7 allows remote malicious users to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell suse linux enterprise server 12.0
novell suse linux enterprise desktop 12.0
opensuse opensuse 13.1
opensuse opensuse 13.2
novell suse linux enterprise software development kit 12.0
mozilla firefox
mozilla thunderbird
mozilla firefox esr 31.1
mozilla firefox esr 31.3.0
mozilla firefox esr 31.1.1
mozilla firefox esr 31.5
mozilla firefox esr 31.6.0
mozilla firefox esr 31.3
mozilla firefox esr 31.5.3
mozilla firefox esr 31.5.1
mozilla firefox esr 31.1.0
mozilla firefox esr 31.2
mozilla firefox esr 31.4
mozilla firefox esr 31.0
mozilla firefox esr 31.5.2

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service For the oldstable distribution (wheezy), these problems have been fixed in version 31 ...

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service For the oldstable distribution (wheezy), these problems have been fixed in version 3 ...

Mozilla Foundation Security Advisory 2015-51 Use-after-free during text processing with vertical text enabled Announced May 12, 2015 Reporter Scott Bell Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Th ...

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 380, Firefox ESR 31x before 317, and Thunderbird before 317 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token seque ...

NVD-CWE-Other http://www.mozilla.org/security/announce/2015/mfsa2015-51.html https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201605-06 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 http://www.ubuntu.com/usn/USN-2603-1 http://www.ubuntu.com/usn/USN-2602-1 http://www.securityfocus.com/bid/74611 http://www.debian.org/security/2015/dsa-3264 http://www.debian.org/security/2015/dsa-3260 http://rhn.redhat.com/errata/RHSA-2015-1012.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html https://nvd.nist.gov https://usn.ubuntu.com/2603-1/https://access.redhat.com/security/cve/cve-2015-2713

CVE-2015-2713

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect