Lucene search

[email protected]CVE-2015-7212

HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7212

2015-12-1611:59:10

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-7212

integer overflow

mozilla

firefox

nvd

security vulnerability

code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

JSON

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

mozillafirefoxRange≤42.0

Node

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

mozillafirefox_esrMatch38.4.0

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq23

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	23

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html

lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

rhn.redhat.com/errata/RHSA-2015-2657.html

www.debian.org/security/2015/dsa-3422

www.debian.org/security/2016/dsa-3432

www.mozilla.org/security/announce/2015/mfsa2015-139.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/79279

www.securitytracker.com/id/1034426

www.ubuntu.com/usn/USN-2833-1

www.ubuntu.com/usn/USN-2859-1

bugzilla.mozilla.org/show_bug.cgi?id=1222809

security.gentoo.org/glsa/201512-10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2015-7212

prion1 mozilla1 cvelist1 ubuntucve1 openvas32 nvd1 redhat2 nessus29 veracode6 centos2 oraclelinux2 archlinux2 ubuntu2 debian2 mageia3 suse5 kaspersky1 freebsd1 gentoo1