CVE-2015-2710

2015-05-1410:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2710

heap-based buffer overflow

mozilla firefox

security vulnerability

remote code execution

svg

css

9.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

JSON

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdle31.5
mozilla:firefox_esrmozilla firefox esreq31.1
mozilla:firefox_esrmozilla firefox esreq31.3.0
mozilla:firefox_esrmozilla firefox esreq31.1.1
mozilla:firefox_esrmozilla firefox esreq31.5
mozilla:firefox_esrmozilla firefox esreq31.6.0
mozilla:firefox_esrmozilla firefox esreq31.3
mozilla:firefox_esrmozilla firefox esreq31.5.3
mozilla:firefox_esrmozilla firefox esreq31.5.1
mozilla:firefox_esrmozilla firefox esreq31.1.0

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	le	31.5
mozilla:firefox_esr	mozilla firefox esr	eq	31.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.3.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.1.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.5
mozilla:firefox_esr	mozilla firefox esr	eq	31.6.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.3
mozilla:firefox_esr	mozilla firefox esr	eq	31.5.3
mozilla:firefox_esr	mozilla firefox esr	eq	31.5.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.1.0