CVE-2015-2740

CVSS v2.0 10 (High)

EPSS 4.57 % (93^th)

Affected Products 9

Advisories 15

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-07-06 02:01:08
(9 years ago)
Updated Date: 2023-09-12 14:55:31
(12 months ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Novell

Oracle

Solaris

Configuration #1

		CPE23	From	Up To
	Mozilla Thunderbird 38.0.1 and prior versions	cpe:2.3:a:mozilla:thunderbird		<= 38.0.1

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
	Mozilla Firefox Esr 31.1	cpe:2.3:a:mozilla:firefox_esr:31.1
	Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0
	Mozilla Firefox Esr 31.1.1	cpe:2.3:a:mozilla:firefox_esr:31.1.1
	Mozilla Firefox Esr 31.2	cpe:2.3:a:mozilla:firefox_esr:31.2
	Mozilla Firefox Esr 31.3	cpe:2.3:a:mozilla:firefox_esr:31.3
	Mozilla Firefox Esr 31.3.0	cpe:2.3:a:mozilla:firefox_esr:31.3.0
	Mozilla Firefox Esr 31.4	cpe:2.3:a:mozilla:firefox_esr:31.4
	Mozilla Firefox Esr 31.5	cpe:2.3:a:mozilla:firefox_esr:31.5
	Mozilla Firefox Esr 31.5.1	cpe:2.3:a:mozilla:firefox_esr:31.5.1
	Mozilla Firefox Esr 31.5.2	cpe:2.3:a:mozilla:firefox_esr:31.5.2
	Mozilla Firefox Esr 31.5.3	cpe:2.3:a:mozilla:firefox_esr:31.5.3
	Mozilla Firefox Esr 31.6.0	cpe:2.3:a:mozilla:firefox_esr:31.6.0
	Mozilla Firefox Esr 31.7.0	cpe:2.3:a:mozilla:firefox_esr:31.7.0
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0

Configuration #3

		CPE23	From	Up To
	Novell Suse Linux Enterprise Software Development Kit 12.0	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10
	Canonical Ubuntu Linux 15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Novell Suse Linux Enterprise Desktop 12.0	cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
	Novell Suse Linux Enterprise Server 11 SP4	cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4
	Novell Suse Linux Enterprise Server 12.0	cpe:2.3:o:novell:suse_linux_enterprise_server:12.0

Configuration #4

		CPE23	From	Up To
	Mozilla Firefox 38.1.0 and prior versions	cpe:2.3:a:mozilla:firefox		<= 38.1.0

Configuration #5

		CPE23	From	Up To
	Oracle Solaris 11.3	cpe:2.3:o:oracle:solaris:11.3