Lucene search

[email protected]NVD:CVE-2015-2734

HistoryJul 06, 2015 - 2:01 a.m.

CVE-2015-2734

2015-07-0602:01:03

CWE-17

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

3.9 Low

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Affected configurations

NVD

Node

suselinux_enterprise_desktopMatch12

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_software_development_kitMatch12

susesuse_linux_enterprise_serverMatch12

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1

mozillafirefox_esrMatch31.1.0

mozillafirefox_esrMatch31.1.1

mozillafirefox_esrMatch31.2

mozillafirefox_esrMatch31.3

mozillafirefox_esrMatch31.3.0

mozillafirefox_esrMatch31.4

mozillafirefox_esrMatch31.5

mozillafirefox_esrMatch31.5.1

mozillafirefox_esrMatch31.5.2

mozillafirefox_esrMatch31.5.3

mozillafirefox_esrMatch31.6.0

mozillafirefox_esrMatch31.7.0

mozillafirefox_esrMatch38.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

mozillafirefoxRange≤38.1.0

Node

mozillathunderbirdRange≤38.0.1

Node

oraclesolarisMatch11.3

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1207.html

rhn.redhat.com/errata/RHSA-2015-1455.html

www.debian.org/security/2015/dsa-3300

www.debian.org/security/2015/dsa-3324

www.mozilla.org/security/announce/2015/mfsa2015-66.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75541

www.securitytracker.com/id/1032783

www.securitytracker.com/id/1032784

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2673-1

bugzilla.mozilla.org/show_bug.cgi?id=1166082

security.gentoo.org/glsa/201512-10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

3.9 Low

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for NVD:CVE-2015-2734

cvelist1 cve1 ubuntucve1 prion1 mozilla1 openvas33 mageia2 nessus30 debian2 ubuntu3 oraclelinux2 archlinux2 centos2 redhat2 osv1 veracode15 suse6 freebsd1 securityvulns1 kaspersky1 ibm2 gentoo1