10
CVSSv2

CVE-2015-2725

Published: 06/07/2015 Updated: 28/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 39.0, Firefox ESR 38.x prior to 38.1, and Thunderbird prior to 38.1 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

novell suse linux enterprise desktop 12.0

novell suse linux enterprise server 11

novell suse linux enterprise server 12.0

novell suse linux enterprise software development kit 12.0

oracle solaris 11.3

mozilla firefox esr 31.0

mozilla firefox esr 31.1

mozilla firefox esr 31.1.0

mozilla firefox esr 31.1.1

mozilla firefox esr 31.2

mozilla firefox esr 31.3

mozilla firefox esr 31.3.0

mozilla firefox esr 31.4

mozilla firefox esr 31.5

mozilla firefox esr 31.5.1

mozilla firefox esr 31.5.2

mozilla firefox esr 31.5.3

mozilla firefox esr 31.6.0

mozilla firefox esr 31.7.0

mozilla firefox esr 38.0

mozilla firefox

mozilla thunderbird

Vendor Advisories

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 390, Firefox ESR 38x before 381, and Thunderbird before 381 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors ...
Miscellaneous memory safety hazards (rv:390 / rv:318 / rv:381) Announced July 2, 2015 Reporter Mozilla Developers Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Oracle Solaris Third Party Bulletin - April 2016 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - October 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...

References

CWE-119http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1207.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1455.htmlhttp://www.mozilla.org/security/announce/2015/mfsa2015-59.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.securityfocus.com/bid/75541http://www.securitytracker.com/id/1032783http://www.securitytracker.com/id/1032784http://www.ubuntu.com/usn/USN-2656-1http://www.ubuntu.com/usn/USN-2656-2https://bugzilla.mozilla.org/show_bug.cgi?id=1056410https://bugzilla.mozilla.org/show_bug.cgi?id=1151650https://bugzilla.mozilla.org/show_bug.cgi?id=1156861https://bugzilla.mozilla.org/show_bug.cgi?id=1159321https://bugzilla.mozilla.org/show_bug.cgi?id=1159973https://bugzilla.mozilla.org/show_bug.cgi?id=1163359https://bugzilla.mozilla.org/show_bug.cgi?id=1163852https://bugzilla.mozilla.org/show_bug.cgi?id=1172076https://bugzilla.mozilla.org/show_bug.cgi?id=1172397https://security.gentoo.org/glsa/201512-10https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2015-2725https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-2725https://usn.ubuntu.com/2656-2/http://tools.cisco.com/security/center/viewAlert.x?alertId=39658