CVE-2015-2716
published 2015-05-14CVE-2015-2716: Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | expat | < expat 2.1.0-7 (bookworm) | expat 2.1.0-7 (bookworm) |
| debian | libxmltok | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | libxmltok | < expat 2.1.0-7 (bookworm) | expat 2.1.0-7 (bookworm) |
| chrome | <= 43.0.2357.134 | — | |
| libexpat_project | libexpat | <= 2.1.0 | — |
| libexpat_project | libexpat | <= 2.1.1 | — |
| mcafee | policy_auditor | < 6.5.1 | 6.5.1 |
| mozilla | firefox | <= 37.0.2 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 38.0+build3-0ubuntu0.14.04.1 | 38.0+build3-0ubuntu0.14.04.1 |
| mozilla | firefox_esr | — | — |
| mozilla | firefox_esr | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH