CVE-2015-2737

Mozilla Firefox <39.0, Firefox ESR <31.8 & 38.1, Thunderbird <38.1 ...

Title source: llm

Description

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

References (20)

Core 20

Core References

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1455.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201512-10

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/75541

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3324

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2673-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032784

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1207.html

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2015/mfsa2015-66.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1167332

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2656-1

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032783

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3300

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2656-2

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Scores

EPSS 0.0125

EPSS Percentile 79.6%

Details

CWE

CWE-17

Status published

Products (28)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 14.10

canonical/ubuntu_linux 15.04

debian/debian_linux 7.0

debian/debian_linux 8.0

mozilla/firefox 31.0

mozilla/firefox 31.1.0

mozilla/firefox 31.1.1

mozilla/firefox 31.3.0

... and 18 more

Published Jul 06, 2015

Tracked Since Feb 18, 2026