Published: 06/07/2015 Updated: 12/09/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The nsZipArchive::BuildFileList function in Mozilla Firefox prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1 accesses unintended memory locations, which allows remote malicious users to have an unspecified impact via a crafted ZIP archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla thunderbird
mozilla firefox esr 38.0
mozilla firefox esr 31.1
mozilla firefox esr 31.3.0
mozilla firefox esr 31.1.1
mozilla firefox esr 31.7.0
mozilla firefox esr 31.5
mozilla firefox esr 31.6.0
mozilla firefox esr 31.3
mozilla firefox esr 31.5.3
mozilla firefox esr 31.5.1
mozilla firefox esr 31.1.0
mozilla firefox esr 31.2
mozilla firefox esr 31.4
mozilla firefox esr 31.0
mozilla firefox esr 31.5.2
oracle solaris 11.3
canonical ubuntu linux 12.04
novell suse linux enterprise server 12.0
novell suse linux enterprise server 11
debian debian linux 8.0
debian debian linux 7.0
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
novell suse linux enterprise desktop 12.0
canonical ubuntu linux 15.04
novell suse linux enterprise software development kit 12.0

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2015-66 Vulnerabilities found through code inspection Announced July 2, 2015 Reporter Ronald Crane Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird ...

The nsZipArchive::BuildFileList function in Mozilla Firefox before 390, Firefox ESR 31x before 318 and 38x before 381, and Thunderbird before 381 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive ...

CWE-17 https://bugzilla.mozilla.org/show_bug.cgi?id=1167888 http://www.mozilla.org/security/announce/2015/mfsa2015-66.html http://www.debian.org/security/2015/dsa-3324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://www.ubuntu.com/usn/USN-2673-1 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2656-1 http://www.securitytracker.com/id/1032784 http://www.securitytracker.com/id/1032783 http://www.debian.org/security/2015/dsa-3300 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3300 https://usn.ubuntu.com/2656-1/https://access.redhat.com/security/cve/cve-2015-2736

CVE-2015-2736

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect