CVE-2015-2716 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow CWE-190 — Integer Overflow or Wraparound13 documents7 sources

Severity

7.5HIGHNVD

CNA6.8OSV6.8

EPSS

5.6%

top 9.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR +5 more

Timeline

PublishedMay 14

Latest updateMay 13

Description

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages10 packages

▶Ubuntumozilla/firefox< 38.0+build3-0ubuntu0.14.04.1

▶NVDmozilla/firefox37.0.2+7

▶NVDmozilla/firefox_esr6 versions+5

▶Ubuntumozilla/thunderbird< 1:31.7.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird31.5

🔴Vulnerability Details

GHSA

GHSA-3pwf-x7h5-r7pj: Buffer overflow in the XML parser in Mozilla Firefox before 38↗2022-05-13

▶

CVEList

CVE-2015-2716: Buffer overflow in the XML parser in Mozilla Firefox before 38↗2015-05-14

▶

OSV

CVE-2015-2716: Buffer overflow in the XML parser in Mozilla Firefox before 38↗2015-05-13

▶

📋Vendor Advisories

Red Hat

expat: Undefined behavior and pointer overflows↗2016-05-15

▶

Red Hat

chromium-browser: Heap-buffer-overflow in expat.↗2015-07-21

▶

Ubuntu

Thunderbird vulnerabilities↗2015-05-18

▶

Ubuntu

Firefox vulnerabilities↗2015-05-13

▶

Red Hat

expat: Integer overflow leading to buffer overflow in XML_GetBuffer()↗2015-05-12

▶

💬Community

Bugzilla

CVE-2016-4472 expat: Undefined behavior and pointer overflows↗2016-06-09

▶

Bugzilla

CVE-2015-1283 chromium-browser: Heap-buffer-overflow in expat.↗2015-07-22

▶

Bugzilla

CVE-2015-2716 expat: Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54) [fedora-all]↗2015-06-17

▶

Bugzilla

CVE-2015-2716 expat: Integer overflow leading to buffer overflow in XML_GetBuffer()↗2015-05-12

▶