CVE-2015-2735

CVSS v2.0 9.3 (High)

EPSS 1.03 % (84^th)

Affected Products 9

Advisories 15

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

Weaknesses

CWE-17: DEPRECATED: Code

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-07-06 02:01:04
(9 years ago)
Updated Date: 2023-09-12 14:55:31
(12 months ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Novell

Oracle

Solaris

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 38.1.0 and prior versions	cpe:2.3:a:mozilla:firefox		<= 38.1.0

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
	Mozilla Firefox Esr 31.1	cpe:2.3:a:mozilla:firefox_esr:31.1
	Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0
	Mozilla Firefox Esr 31.1.1	cpe:2.3:a:mozilla:firefox_esr:31.1.1
	Mozilla Firefox Esr 31.2	cpe:2.3:a:mozilla:firefox_esr:31.2
	Mozilla Firefox Esr 31.3	cpe:2.3:a:mozilla:firefox_esr:31.3
	Mozilla Firefox Esr 31.3.0	cpe:2.3:a:mozilla:firefox_esr:31.3.0
	Mozilla Firefox Esr 31.4	cpe:2.3:a:mozilla:firefox_esr:31.4
	Mozilla Firefox Esr 31.5	cpe:2.3:a:mozilla:firefox_esr:31.5
	Mozilla Firefox Esr 31.5.1	cpe:2.3:a:mozilla:firefox_esr:31.5.1
	Mozilla Firefox Esr 31.5.2	cpe:2.3:a:mozilla:firefox_esr:31.5.2
	Mozilla Firefox Esr 31.5.3	cpe:2.3:a:mozilla:firefox_esr:31.5.3
	Mozilla Firefox Esr 31.6.0	cpe:2.3:a:mozilla:firefox_esr:31.6.0
	Mozilla Firefox Esr 31.7.0	cpe:2.3:a:mozilla:firefox_esr:31.7.0
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0

Configuration #3

		CPE23	From	Up To
	Mozilla Thunderbird 38.0.1 and prior versions	cpe:2.3:a:mozilla:thunderbird		<= 38.0.1

Configuration #4

		CPE23	From	Up To
	Novell Suse Linux Enterprise Software Development Kit 12.0	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10
	Canonical Ubuntu Linux 15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Novell Suse Linux Enterprise Desktop 12.0	cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
	Novell Suse Linux Enterprise Server 11 SP4	cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4
	Novell Suse Linux Enterprise Server 12.0	cpe:2.3:o:novell:suse_linux_enterprise_server:12.0

Configuration #5

		CPE23	From	Up To
	Oracle Solaris 11.3	cpe:2.3:o:oracle:solaris:11.3