Published: 06/07/2015 Updated: 12/09/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1 might allow remote malicious users to cause a denial of service or have unspecified other impact via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird
mozilla firefox esr 38.0
mozilla firefox esr 31.1
mozilla firefox esr 31.3.0
mozilla firefox esr 31.1.1
mozilla firefox esr 31.7.0
mozilla firefox esr 31.5
mozilla firefox esr 31.6.0
mozilla firefox esr 31.3
mozilla firefox esr 31.5.3
mozilla firefox esr 31.5.1
mozilla firefox esr 31.1.0
mozilla firefox esr 31.2
mozilla firefox esr 31.4
mozilla firefox esr 31.0
mozilla firefox esr 31.5.2
canonical ubuntu linux 12.04
novell suse linux enterprise server 12.0
novell suse linux enterprise server 11
debian debian linux 8.0
debian debian linux 7.0
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
novell suse linux enterprise desktop 12.0
canonical ubuntu linux 15.04
novell suse linux enterprise software development kit 12.0
mozilla firefox
oracle solaris 11.3

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2015-66 Vulnerabilities found through code inspection Announced July 2, 2015 Reporter Ronald Crane Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird ...

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 390, Firefox ESR 31x before 318 and 38x before 381, and Thunderbird before 381 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=1170809 http://www.mozilla.org/security/announce/2015/mfsa2015-66.html http://www.debian.org/security/2015/dsa-3324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://www.ubuntu.com/usn/USN-2673-1 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2656-1 http://www.securitytracker.com/id/1032784 http://www.securitytracker.com/id/1032783 http://www.debian.org/security/2015/dsa-3300 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3300 https://usn.ubuntu.com/2656-1/https://access.redhat.com/security/cve/cve-2015-2740

CVE-2015-2740

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect