CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
83.9%
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.0 | cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.1 | cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.1.0 | cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.1.1 | cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.2 | cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.3 | cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.3.0 | cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.4 | cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:* |
mozilla | firefox_esr | 31.5 | cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
rhn.redhat.com/errata/RHSA-2015-1207.html
rhn.redhat.com/errata/RHSA-2015-1455.html
www.debian.org/security/2015/dsa-3300
www.debian.org/security/2015/dsa-3324
www.mozilla.org/security/announce/2015/mfsa2015-66.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.securityfocus.com/bid/75541
www.securitytracker.com/id/1032783
www.securitytracker.com/id/1032784
www.ubuntu.com/usn/USN-2656-1
www.ubuntu.com/usn/USN-2656-2
www.ubuntu.com/usn/USN-2673-1
bugzilla.mozilla.org/show_bug.cgi?id=1166900
security.gentoo.org/glsa/201512-10