CVE-2015-2738 — Mozilla Firefox vulnerability

CWE-179 documents7 sources

Severity

10.0CRITICALNVD

EPSS

1.3%

top 20.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Canonical Ubuntu Linux +7 more

Timeline

PublishedJul 6

Latest updateMay 14

Description

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages10 packages

▶Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1

▶NVDmozilla/firefox38.1.0+8

▶NVDmozilla/firefox_esr7 versions+6

▶Ubuntumozilla/thunderbird< 1:31.8.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird38.0.1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

GHSA

GHSA-9q2m-347h-6768: The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39↗2022-05-14

▶

CVEList

CVE-2015-2738: The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39↗2015-07-06

▶

OSV

CVE-2015-2738: The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39↗2015-07-05

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-07-20

▶

Ubuntu

Firefox vulnerabilities↗2015-07-15

▶

Ubuntu

Firefox vulnerabilities↗2015-07-09

▶

Red Hat

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)↗2015-07-02

▶

💬Community

Bugzilla

CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)↗2015-06-30

▶