Lucene search

[email protected]NVD:CVE-2015-2736

HistoryJul 06, 2015 - 2:01 a.m.

CVE-2015-2736

2015-07-0602:01:05

CWE-17

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

Affected configurations

NVD

Node

mozillafirefoxRange≤38.1.0

Node

mozillathunderbirdRange≤38.0.1

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1

mozillafirefox_esrMatch31.1.0

mozillafirefox_esrMatch31.1.1

mozillafirefox_esrMatch31.2

mozillafirefox_esrMatch31.3

mozillafirefox_esrMatch31.3.0

mozillafirefox_esrMatch31.4

mozillafirefox_esrMatch31.5

mozillafirefox_esrMatch31.5.1

mozillafirefox_esrMatch31.5.2

mozillafirefox_esrMatch31.5.3

mozillafirefox_esrMatch31.6.0

mozillafirefox_esrMatch31.7.0

mozillafirefox_esrMatch38.0

Node

oraclesolarisMatch11.3

Node

novellsuse_linux_enterprise_software_development_kitMatch12.0

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_serverMatch11sp4

novellsuse_linux_enterprise_serverMatch12.0

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1207.html

rhn.redhat.com/errata/RHSA-2015-1455.html

www.debian.org/security/2015/dsa-3300

www.debian.org/security/2015/dsa-3324

www.mozilla.org/security/announce/2015/mfsa2015-66.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75541

www.securitytracker.com/id/1032783

www.securitytracker.com/id/1032784

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2673-1

bugzilla.mozilla.org/show_bug.cgi?id=1167888

security.gentoo.org/glsa/201512-10

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for NVD:CVE-2015-2736

cve1 ubuntucve1 prion1 cvelist1 mozilla1 openvas33 mageia2 nessus30 debian2 ubuntu3 centos2 redhat2 oraclelinux2 archlinux2 osv1 veracode15 suse6 kaspersky1 freebsd1 securityvulns1 ibm2 gentoo1