Vulnerability Description
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Server | 12.0 |
| Opensuse | Opensuse | 13.1 |
| Mozilla | Firefox | <= 37.0.2 |
| Mozilla | Thunderbird | <= 31.5 |
| Mozilla | Firefox Esr | 31.1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
- http://rhn.redhat.com/errata/RHSA-2015-0988.html
- http://rhn.redhat.com/errata/RHSA-2015-1012.html
- http://www.debian.org/security/2015/dsa-3260
- http://www.debian.org/security/2015/dsa-3264
- http://www.mozilla.org/security/announce/2015/mfsa2015-51.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/74611
- http://www.ubuntu.com/usn/USN-2602-1
- http://www.ubuntu.com/usn/USN-2603-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1153478
FAQ
What is CVE-2015-2713?
CVE-2015-2713 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or ca...
How severe is CVE-2015-2713?
CVE-2015-2713 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2713?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Opensuse Opensuse, Mozilla Firefox.