CVSS2: 10 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.007 Low (Percentile: 79.8%)

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr
implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8
and 38.x before 38.1, and Thunderbird before 38.1 reads data from
uninitialized memory locations, which has unspecified impact and attack
vectors.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 39.0+build5-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 39.0+build5-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | firefox | < 39.0+build5-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 39.0+build5-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.15.04.1 | UNKNOWN |
www.mozilla.org/security/announce/2015/mfsa2015-66.html
bugzilla.mozilla.org/show_bug.cgi?id=1167356
launchpad.net/bugs/cve/CVE-2015-2738
nvd.nist.gov/vuln/detail/CVE-2015-2738
security-tracker.debian.org/tracker/CVE-2015-2738
ubuntu.com/security/notices/USN-2656-1
ubuntu.com/security/notices/USN-2656-2
ubuntu.com/security/notices/USN-2673-1
www.cve.org/CVERecord?id=CVE-2015-2738
www.mozilla.org/en-US/security/advisories/mfsa2015-66/