CVE-2015-2735 — Mozilla Firefox vulnerability

CWE-179 documents7 sources

Severity

9.3CRITICALNVD

EPSS

1.2%

top 21.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Canonical Ubuntu Linux +6 more

Timeline

PublishedJul 6

Latest updateMay 17

Description

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages9 packages

▶Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1

▶NVDmozilla/firefox38.1.0+8

▶NVDmozilla/firefox_esr7 versions+6

▶Ubuntumozilla/thunderbird< 1:31.8.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird38.0.1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

GHSA

GHSA-6qq7-5fxv-2943: nsZipArchive↗2022-05-17

▶

CVEList

CVE-2015-2735: nsZipArchive↗2015-07-06

▶

OSV

CVE-2015-2735: nsZipArchive↗2015-07-05

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-07-20

▶

Ubuntu

Firefox vulnerabilities↗2015-07-15

▶

Ubuntu

Firefox vulnerabilities↗2015-07-09

▶

Red Hat

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)↗2015-07-02

▶

💬Community

Bugzilla

CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)↗2015-06-30

▶