Lucene search
Tenable8868.PRMHistorySep 16, 2015 - 12:00 a.m.
Mozilla Thunderbird < 31.7 Multiple Vulnerabilities
2015-09-1600:00:00
Tenable
www.tenable.com
14
Versions of Mozilla Thunderbird prior to 31.7 are prone to the following vulnerabilities :
- A privilege escalation vulnerability exists in the Inter-process Communications (IPC) implementation due to a failure to validate the identity of a listener process. (MFSA2015-57)
- Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708)
- A buffer overflow condition exists in ‘SVGTextFrame.cpp’ when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
- A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713)
- A buffer overflow condition exists in the ‘XML_GetBuffer()’ function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
Binary data 8868.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | thunderbird | cpe:/a:mozilla:thunderbird |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716
www.mozilla.org/security/announce/2014/mfsa2015-46.html
www.mozilla.org/security/announce/2014/mfsa2015-48.html
www.mozilla.org/security/announce/2014/mfsa2015-51.html
www.mozilla.org/security/announce/2014/mfsa2015-54.html
www.mozilla.org/security/announce/2014/mfsa2015-57.html
Related
oraclelinux
oraclelinux
thunderbird security update
2015-05-19 00:00:00
firefox security update
2015-05-13 00:00:00
expat security update
2020-04-06 00:00:00
openvas
openvas
CentOS Update for thunderbird CESA-2015:1012 centos7
2015-06-09 00:00:00
CentOS Update for thunderbird CESA-2015:1012 centos6
2015-06-09 00:00:00
Oracle Linux Local Check: ELSA-2015-1012
2015-10-06 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2015-05-18 00:00:00
Firefox vulnerabilities
2015-05-13 00:00:00
nessus
nessus
Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)
2015-05-13 00:00:00
Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2603-1)
2015-05-19 00:00:00
Mozilla Thunderbird < 31.7 Multiple Vulnerabilities (Mac OS X)
2015-05-14 00:00:00
redhat
redhat
(RHSA-2015:1012) Important: thunderbird security update
2015-05-18 00:00:00
(RHSA-2015:0988) Critical: firefox security update
2015-05-12 00:00:00
(RHSA-2020:2508) Moderate: expat security update
2020-06-10 16:46:54
centos
centos
thunderbird security update
2015-05-18 14:07:12
firefox security update
2015-05-13 00:01:13
expat security update
2020-04-08 17:58:10
archlinux
archlinux
thunderbird: multiple issues
2015-05-18 00:00:00
firefox: multiple issues
2015-05-13 00:00:00
expat: arbitrary code execution
2016-03-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:39:09
Arbitrary Code Execution
2019-05-02 05:39:09
Arbitrary Code Execution
2019-05-02 05:39:10
osv
osv
icedove - security update
2015-05-19 00:00:00
expat - security update
2015-07-25 00:00:00
CVE-2016-4472
2016-06-30 17:59:00
debian
debian
[SECURITY] [DSA 3264-1] icedove security update
2015-05-19 21:12:26
[SECURITY] [DSA 3260-1] iceweasel security update
2015-05-13 17:22:46
[SECURITY] [DLA 281-1] expat security update
2015-07-25 14:17:27
suse
suse
Security update for MozillaFirefox (important)
2015-05-28 12:05:02
Security update for MozillaFirefox (important)
2015-06-01 15:05:51
Update to Firefox 31.7.0esr (important)
2015-05-18 13:04:51
mageia
mageia
Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities
2015-05-18 22:08:05
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
cve
cve
mozilla
mozilla
Buffer overflow with SVG content and CSS — Mozilla
2015-05-12 00:00:00
Use-after-free during text processing with vertical text enabled — Mozilla
2015-05-12 00:00:00
Buffer overflow when parsing compressed XML — Mozilla
2015-05-12 00:00:00
prion
prion
Heap overflow
2015-05-14 10:59:00
Memory corruption
2015-05-14 10:59:00
Memory corruption
2015-05-14 10:59:00
ubuntucve
ubuntucve
ibm
ibm
kaspersky
kaspersky
KLA10584 Multiple vulnerabilities in Mozilla products
2015-05-12 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-05-13 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-05-12 00:00:00
expat2 -- denial of service
2016-06-09 00:00:00
f5
f5
K50459349 : Expat XML library vulnerability CVE-2015-2716
2017-02-10 00:00:00
K15104541 : Expat XML library vulnerability CVE-2015-1283
2016-10-11 00:00:00
SOL22232964 - Expat XML library vulnerability CVE-2016-4472
2016-10-21 00:00:00
debiancve
debiancve
CVE-2015-1283
2015-07-23 00:59:00
CVE-2016-4472
2016-06-30 17:59:00
amazon
amazon
Medium: expat
2020-05-11 20:41:00
alpinelinux
alpinelinux
CVE-2016-4472
2016-06-30 17:59:00
redhatcve
redhatcve
CVE-2016-4472
2016-06-09 09:48:44
slackware
slackware
[slackware-security] expat
2016-12-24 19:24:21
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
Related for 8868.PRM