CVE-2015-2737

Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 06 Jul 2015, 01:00
Last modified:06 Aug 2024, 05:24

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
10 HIGH
v2.0 (nvd)
EPSS Score
1.25% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

06 Jul 2015, 01:00
Published
Vulnerability first disclosed
06 Aug 2024, 05:24
Last Modified
Vulnerability information updated

Description

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

CVSS Metrics

  • v2.0HIGHScore: 10AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 1.25% Percentile: 80%

Techniques & Countermeasures

  • CWE-17DEPRECATED: Code

    This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Affected Systems

  • canonicalubuntu_linux

    12.04 | 14.04 | 14.10 | 15.04

  • debiandebian_linux

    7.0 | 8.0

  • mozillafirefox

    31.0 | 31.1.0 | 31.1.1 | 31.3.0 | 31.5.1 | 31.5.2 | 31.5.3 | 38.0 | ≤ 38.1.0

  • mozillafirefox_esr

    31.1 | 31.2 | 31.3 | 31.4 | 31.5 | 31.6.0 | 31.7.0

  • mozillathunderbird

    ≤ 38.0.1

  • UnknownSolaris

    11.3

  • suselinux_enterprise_desktop

    12

  • suselinux_enterprise_server

    11:sp4

  • suselinux_enterprise_software_development_kit

    12

  • susesuse_linux_enterprise_server

    12

References (20)