CVE-2015-2735

Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 06 Jul 2015, 01:00
Last modified:06 Aug 2024, 05:24

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.3 HIGH
v2.0 (nvd)
EPSS Score
1.6% LOW
2% probability +0.41%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

06 Jul 2015, 01:00
Published
Vulnerability first disclosed
06 Aug 2024, 05:24
Last Modified
Vulnerability information updated

Description

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

CVSS Metrics

  • v2.0HIGHScore: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 1.60% Percentile: 82%

Techniques & Countermeasures

  • CWE-17DEPRECATED: Code

    This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Affected Systems

  • canonicalubuntu_linux

    12.04 | 14.04 | 14.10 | 15.04

  • debiandebian_linux

    8.0

  • mozillafirefox

    ≤ 38.1.0 | 31.0 | 31.1.0 | 31.1.1 | 31.3.0 | 31.5.1 | 31.5.2 | 31.5.3 | 38.0

  • mozillafirefox_esr

    31.1 | 31.2 | 31.3 | 31.4 | 31.5 | 31.6.0 | 31.7.0

  • mozillathunderbird

    ≤ 38.0.1

  • novellsuse_linux_enterprise_desktop

    12.0

  • novellsuse_linux_enterprise_server

    11:sp4 | 12.0

  • novellsuse_linux_enterprise_software_development_kit

    12.0

  • UnknownSolaris

    11.3

References (20)