CVE-2015-2710

Thunderbird < 31.7 - Remote Code Execution via SVG and CSS Token Sequence

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

References (17)

Core 17
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2602-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0988.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74611
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1149542
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3264
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3260
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2603-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1012.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201605-06

Scores

EPSS 0.0242
EPSS Percentile 85.3%

Details

CWE
CWE-119
Status published
Products (20)
mozilla/firefox 31.0
mozilla/firefox 31.1.0
mozilla/firefox 31.1.1
mozilla/firefox 31.3.0
mozilla/firefox 31.5.1
mozilla/firefox 31.5.2
mozilla/firefox 31.5.3
mozilla/firefox < 37.0.2
mozilla/firefox_esr 31.1
mozilla/firefox_esr 31.2
... and 10 more
Published May 14, 2015
Tracked Since Feb 18, 2026