CVE-2015-2735 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2015-2735?

CVE-2015-2735 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-2735?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird, Novell Suse Linux Enterprise Software Development Kit, Canonical Ubuntu Linux.

Vulnerability Description

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	<= 38.1.0
Mozilla	Firefox Esr	31.1
Mozilla	Thunderbird	<= 38.0.1
Novell	Suse Linux Enterprise Software Development Kit	12.0
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Novell	Suse Linux Enterprise Desktop	12.0
Novell	Suse Linux Enterprise Server	11
Oracle	Solaris	11.3

Related Weaknesses (CWE)

CWE-17

References

FAQ

What is CVE-2015-2735?

CVE-2015-2735 is a vulnerability with a CVSS score of 9.3 (HIGH). nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to h...

How severe is CVE-2015-2735?

CVE-2015-2735 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2735?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird, Novell Suse Linux Enterprise Software Development Kit, Canonical Ubuntu Linux.