10
CVSSv2

CVE-2015-2724

Published: 06/07/2015 Updated: 28/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Affected Products

Vendor Product Versions
MozillaFirefox38.1.0
MozillaFirefox Esr31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 38.0
MozillaThunderbird38.0.1
CanonicalUbuntu Linux12.04, 14.04, 14.10, 15.04
DebianDebian Linux7.0, 8.0
NovellSuse Linux Enterprise Desktop12.0
NovellSuse Linux Enterprise Server11, 12.0
NovellSuse Linux Enterprise Software Development Kit12.0
OracleSolaris11.3

Vendor Advisories

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 390, Firefox ESR 31x before 318 and 38x before 381, and Thunderbird before 381 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors ...
Miscellaneous memory safety hazards (rv:390 / rv:318 / rv:381) Announced July 2, 2015 Reporter Mozilla Developers Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird ...
Several security issues were fixed in Thunderbird ...
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Oracle Solaris Third Party Bulletin - April 2016 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - October 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...