10
CVSSv2

CVE-2015-2725

Published: 06/07/2015 Updated: 28/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 39.0, Firefox ESR 38.x prior to 38.1, and Thunderbird prior to 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Affected Products

Vendor Product Versions
MozillaFirefox38.1.0
MozillaFirefox Esr31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 38.0
MozillaThunderbird38.0.1
NovellSuse Linux Enterprise Desktop12.0
NovellSuse Linux Enterprise Server11, 12.0
NovellSuse Linux Enterprise Software Development Kit12.0
OracleSolaris11.3

Vendor Advisories

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 390, Firefox ESR 38x before 381, and Thunderbird before 381 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors ...
Miscellaneous memory safety hazards (rv:390 / rv:318 / rv:381) Announced July 2, 2015 Reporter Mozilla Developers Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Oracle Solaris Third Party Bulletin - April 2016 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - October 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...

References

CWE-119http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1207.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1455.htmlhttp://www.mozilla.org/security/announce/2015/mfsa2015-59.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.securityfocus.com/bid/75541http://www.securitytracker.com/id/1032783http://www.securitytracker.com/id/1032784http://www.ubuntu.com/usn/USN-2656-1http://www.ubuntu.com/usn/USN-2656-2https://bugzilla.mozilla.org/show_bug.cgi?id=1056410https://bugzilla.mozilla.org/show_bug.cgi?id=1151650https://bugzilla.mozilla.org/show_bug.cgi?id=1156861https://bugzilla.mozilla.org/show_bug.cgi?id=1159321https://bugzilla.mozilla.org/show_bug.cgi?id=1159973https://bugzilla.mozilla.org/show_bug.cgi?id=1163359https://bugzilla.mozilla.org/show_bug.cgi?id=1163852https://bugzilla.mozilla.org/show_bug.cgi?id=1172076https://bugzilla.mozilla.org/show_bug.cgi?id=1172397https://security.gentoo.org/glsa/201512-10https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2015-2725https://nvd.nist.govhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39658https://usn.ubuntu.com/2656-1/