First published: Thu May 14 2015(Updated: )
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <=31.5 | |
Mozilla Firefox ESR | =31.0 | |
Mozilla Firefox ESR | =31.1 | |
Mozilla Firefox ESR | =31.1.0 | |
Mozilla Firefox ESR | =31.1.1 | |
Mozilla Firefox ESR | =31.2 | |
Mozilla Firefox ESR | =31.3 | |
Mozilla Firefox ESR | =31.3.0 | |
Mozilla Firefox ESR | =31.4 | |
Mozilla Firefox ESR | =31.5 | |
Mozilla Firefox ESR | =31.5.1 | |
Mozilla Firefox ESR | =31.5.2 | |
Mozilla Firefox ESR | =31.5.3 | |
Mozilla Firefox ESR | =31.6.0 | |
Novell Suse Linux Enterprise Software Development Kit | =12.0 | |
Novell Suse Linux Enterprise Desktop | =12.0 | |
Novell Suse Linux Enterprise Server | =12.0 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
Mozilla Firefox | <=37.0.2 | |
Mozilla Firefox | =31.0 | |
Mozilla Firefox | =31.1.0 | |
Mozilla Firefox | =31.1.1 | |
Mozilla Firefox | =31.3.0 | |
Mozilla Firefox | =31.5.1 | |
Mozilla Firefox | =31.5.2 | |
Mozilla Firefox | =31.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.