9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.8%
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0,
Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before
38.1 accesses unintended memory locations, which allows remote attackers to
have an unspecified impact via a crafted ZIP archive.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 39.0+build5-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 39.0+build5-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | firefox | < 39.0+build5-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 39.0+build5-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.15.04.1 | UNKNOWN |
www.mozilla.org/security/announce/2015/mfsa2015-66.html
bugzilla.mozilla.org/show_bug.cgi?id=1167888
launchpad.net/bugs/cve/CVE-2015-2736
nvd.nist.gov/vuln/detail/CVE-2015-2736
security-tracker.debian.org/tracker/CVE-2015-2736
ubuntu.com/security/notices/USN-2656-1
ubuntu.com/security/notices/USN-2656-2
ubuntu.com/security/notices/USN-2673-1
www.cve.org/CVERecord?id=CVE-2015-2736
www.mozilla.org/en-US/security/advisories/mfsa2015-66/