CVE-2015-2710: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity: 6.8 MEDIUM (NVD)
EPSS: 2.4% (top 14.85%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 14
Latest update: May 14

Description

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (9 packages)

[Ubuntu] mozilla/firefox < 38.0+build3-0ubuntu0.14.04.1
[NVD] mozilla/firefox 37.0.2 +7
[NVD] mozilla/firefox_esr 6 versions +5
[Ubuntu] mozilla/thunderbird < 1:31.7.0+build1-0ubuntu0.14.04.1

🔴 Vulnerability Details (4)

[GHSA] GHSA-pcp3-jm9x-325w: Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38 (2022-05-14)
[OSV] openssh regression (2015-08-18)
[CVEList] CVE-2015-2710: Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38 (2015-05-14)
[OSV] CVE-2015-2710: Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38 (2015-05-13)

📋 Vendor Advisories (3)

[Ubuntu] Thunderbird vulnerabilities (2015-05-18)
[Ubuntu] Firefox vulnerabilities (2015-05-13)
[Red Hat] Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48) (2015-05-12)

💬 Community (1)

[Bugzilla] CVE-2015-2710 Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48) (2015-05-12)