CVE-2015-2740Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
10.0CRITICALNVD
EPSS
3.5%
top 12.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mozilla FirefoxMozilla ThunderbirdCanonical Ubuntu Linux+6 more
Timeline
PublishedJul 6
Latest updateMay 17

Description

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1
NVDmozilla/firefox38.1.0+8
NVDmozilla/firefox_esr7 versions+6
Ubuntumozilla/thunderbird< 1:31.8.0+build1-0ubuntu0.14.04.1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

3
GHSA
GHSA-j72f-qxgj-jcpp: Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 392022-05-17
CVEList
CVE-2015-2740: Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 392015-07-06
OSV
CVE-2015-2740: Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 392015-07-05

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2015-07-20
Ubuntu
Firefox vulnerabilities2015-07-15
Ubuntu
Firefox vulnerabilities2015-07-09
Red Hat
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)2015-07-02

💬Community

1
Bugzilla
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)2015-06-30
CVE-2015-2740 — Mozilla Firefox vulnerability | cvebase