Published: 06/07/2015 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
suse linux enterprise server 11
suse linux enterprise desktop 12
suse linux enterprise software development kit 12
suse suse linux enterprise server 12
mozilla firefox esr 31.6.0
mozilla firefox esr 31.5
mozilla firefox esr 31.4
mozilla firefox esr 31.0
mozilla firefox esr 31.5.3
mozilla firefox esr 31.2
mozilla firefox esr 31.1.1
mozilla firefox esr 38.0
mozilla firefox esr 31.7.0
mozilla firefox esr 31.3.0
mozilla firefox esr 31.3
mozilla firefox esr 31.5.2
mozilla firefox esr 31.5.1
mozilla firefox esr 31.1.0
mozilla firefox esr 31.1
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 15.04
canonical ubuntu linux 14.10
debian debian linux 7.0
debian debian linux 8.0
mozilla firefox
mozilla thunderbird
oracle solaris 11.3

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2015-66 Vulnerabilities found through code inspection Announced July 2, 2015 Reporter Ronald Crane Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird ...

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 390, Firefox ESR 31x before 318 and 38x before 381, and Thunderbird before 381 reads data from uninitialized memory locations, which has unspecified impact and attack vectors ...

CWE-17 https://bugzilla.mozilla.org/show_bug.cgi?id=1166082 http://www.mozilla.org/security/announce/2015/mfsa2015-66.html http://www.debian.org/security/2015/dsa-3324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://www.ubuntu.com/usn/USN-2673-1 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2656-1 http://www.securitytracker.com/id/1032784 http://www.securitytracker.com/id/1032783 http://www.debian.org/security/2015/dsa-3300 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3300 https://usn.ubuntu.com/2656-1/https://access.redhat.com/security/cve/cve-2015-2734

CVE-2015-2734

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect