CVE-2015-2716

Mozilla Firefox < 38.0 and Firefox ESR 31.x < 31.7 - Remote Code Execution via XML Parser Buffer Overflow

Title source: llm

Description

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

References (20)

Core 20

Core References

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2602-1

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-0988.html

Various Sources x_refsource_confirm

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74611

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3264

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3260

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html

Release Notes x_refsource_confirm

https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2015/mfsa2015-54.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2603-1

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1012.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201605-06

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1140537

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Third Party Advisory x_refsource_confirm

https://www.tenable.com/security/tns-2016-20

Scores

EPSS 0.0561

EPSS Percentile 90.4%

Details

CWE

CWE-119

Status published

Products (21)

mozilla/firefox 31.0

mozilla/firefox 31.1.0

mozilla/firefox 31.1.1

mozilla/firefox 31.3.0

mozilla/firefox 31.5.1

mozilla/firefox 31.5.2

mozilla/firefox 31.5.3

mozilla/firefox < 37.0.2

mozilla/firefox_esr 31.1

mozilla/firefox_esr 31.2

... and 11 more

Published May 14, 2015

Tracked Since Feb 18, 2026