CVE-2015-2740
Last modified
CVE-2015-2740 is a vulnerability of currently unknown severity. Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.. EPSS estimates a 5.55% chance of exploitation in the next 30 days.
Description
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mozilla | Thunderbird | <= 38.0.1 | — |
| Mozilla | Firefox | 31.0 | — |
| Mozilla | Firefox | 31.1.0 | — |
| Mozilla | Firefox | 31.1.1 | — |
| Mozilla | Firefox | 31.3.0 | — |
| Mozilla | Firefox | 31.5.1 | — |
| Mozilla | Firefox | 31.5.2 | — |
| Mozilla | Firefox | 31.5.3 | — |
| Mozilla | Firefox | 38.0 | — |
| Mozilla | Firefox Esr | 31.1 | — |
| Mozilla | Firefox Esr | 31.2 | — |
| Mozilla | Firefox Esr | 31.3 | — |
| Mozilla | Firefox Esr | 31.4 | — |
| Mozilla | Firefox Esr | 31.5 | — |
| Mozilla | Firefox Esr | 31.6.0 | — |
| Mozilla | Firefox Esr | 31.7.0 | — |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
| Canonical | Ubuntu Linux | 14.10 | — |
| Canonical | Ubuntu Linux | 15.04 | — |
| Debian | Debian Linux | 7.0 | — |
| Debian | Debian Linux | 8.0 | — |
| Novell | Suse Linux Enterprise Desktop | 12.0 | — |
| Novell | Suse Linux Enterprise Server | 11 | Sp4 |
| Novell | Suse Linux Enterprise Server | 12.0 | — |
| Mozilla | Firefox | <= 38.1.0 | — |
| Oracle | Solaris | 11.3 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
- http://www.debian.org/security/2015/dsa-3324Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- http://www.ubuntu.com/usn/USN-2673-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1170809Issue Tracking
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
- http://www.debian.org/security/2015/dsa-3324Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- http://www.ubuntu.com/usn/USN-2673-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1170809Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2740?
How severe is CVE-2015-2740?
How do I fix CVE-2015-2740?
Are you affected by CVE-2015-2740?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST