Lucene search

K
cve[email protected]CVE-2015-7212
HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7212

2015-12-1611:59:10
CWE-189
web.nvd.nist.gov
62
cve-2015-7212
integer overflow
mozilla
firefox
nvd
security vulnerability
code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

Affected configurations

NVD
Node
fedoraprojectfedoraMatch22
OR
fedoraprojectfedoraMatch23
Node
opensuseleapMatch42.1
OR
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2
Node
mozillafirefoxRange42.0
Node
mozillafirefox_esrMatch38.0
OR
mozillafirefox_esrMatch38.0.1
OR
mozillafirefox_esrMatch38.0.5
OR
mozillafirefox_esrMatch38.1.0
OR
mozillafirefox_esrMatch38.1.1
OR
mozillafirefox_esrMatch38.2.0
OR
mozillafirefox_esrMatch38.2.1
OR
mozillafirefox_esrMatch38.3.0
OR
mozillafirefox_esrMatch38.4.0

References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%