Vulnerability Description
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 37.0.2 |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Server | 12.0 |
| Opensuse | Opensuse | 13.1 |
| Mozilla | Thunderbird | <= 31.5 |
| Oracle | Solaris | 11.3 |
| Mozilla | Firefox Esr | 31.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0988.html
- http://rhn.redhat.com/errata/RHSA-2015-1012.html
- http://www.debian.org/security/2015/dsa-3260
- http://www.debian.org/security/2015/dsa-3264
- http://www.mozilla.org/security/announce/2015/mfsa2015-54.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securityfocus.com/bid/74611
- http://www.ubuntu.com/usn/USN-2602-1
- http://www.ubuntu.com/usn/USN-2603-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1140537Issue Tracking
FAQ
What is CVE-2015-2716?
CVE-2015-2716 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amoun...
How severe is CVE-2015-2716?
CVE-2015-2716 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2716?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Opensuse Opensuse.