CVE-2015-2710

Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 14 May 2015, 10:00
Last modified:06 Aug 2024, 05:24

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
6.8 MEDIUM
v2.0 (nvd)
EPSS Score
2.42% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 May 2015, 10:00
Published
Vulnerability first disclosed
06 Aug 2024, 05:24
Last Modified
Vulnerability information updated

Description

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

CVSS Metrics

  • v2.0MEDIUMScore: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 2.42% Percentile: 85%

Techniques & Countermeasures

  • CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer

    The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Affected Systems

  • UnknownFirefox

    31.0 | 31.1.0 | 31.1.1 | 31.3.0 | 31.5.1 | 31.5.2 | 31.5.3 | ≤ 37.0.2

  • mozillafirefox_esr

    31.1 | 31.2 | 31.3 | 31.4 | 31.5 | 31.6.0

  • mozillathunderbird

    ≤ 31.5

  • novellsuse_linux_enterprise_desktop

    12.0

  • novellsuse_linux_enterprise_server

    12.0

  • novellsuse_linux_enterprise_software_development_kit

    12.0

  • opensuseopensuse

    13.1 | 13.2

References (17)