CVE-2015-2708

Advisory lineage Upstream: 0 Downstream: 13

Downstream

DSA-3260-1 DSA-3264-1 MGASA-2015-0234 MGASA-2015-0342 OPENSUSE-SU-2024:10071-1 OPENSUSE-SU-2024:10230-1

Modified

Published: 14 May 2015, 10:00

Last modified:06 Aug 2024, 05:24

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v2.0 (nvd)

EPSS Score

1.33% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 May 2015, 10:00

Published

Vulnerability first disclosed

06 Aug 2024, 05:24

Last Modified

Vulnerability information updated

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS Metrics

v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 1.33%• Percentile: 80%

Affected Systems

Unknown•Firefox
≤ 37.0.2 | 31.0 | 31.1.0 | 31.1.1 | 31.3.0 | 31.5.1 | 31.5.2 | 31.5.3
mozilla•firefox_esr
31.1 | 31.2 | 31.3 | 31.4 | 31.5 | 31.6.0
mozilla•thunderbird
≤ 31.5
novell•suse_linux_enterprise_desktop
12.0
novell•suse_linux_enterprise_server
12.0
novell•suse_linux_enterprise_software_development_kit
12.0
opensuse•opensuse
13.1 | 13.2