CVE-2015-2710: Buffer Overflow
First published: Thu May 14 2015(Updated: )
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <=31.5 | |
| Mozilla Firefox ESR | =31.0 | |
| Mozilla Firefox ESR | =31.1 | |
| Mozilla Firefox ESR | =31.1.0 | |
| Mozilla Firefox ESR | =31.1.1 | |
| Mozilla Firefox ESR | =31.2 | |
| Mozilla Firefox ESR | =31.3 | |
| Mozilla Firefox ESR | =31.3.0 | |
| Mozilla Firefox ESR | =31.4 | |
| Mozilla Firefox ESR | =31.5 | |
| Mozilla Firefox ESR | =31.5.1 | |
| Mozilla Firefox ESR | =31.5.2 | |
| Mozilla Firefox ESR | =31.5.3 | |
| Mozilla Firefox ESR | =31.6.0 | |
| SUSE Linux Enterprise Software Development Kit | =12.0 | |
| SUSE Linux Enterprise Desktop | =12.0 | |
| SUSE Linux Enterprise Server | =12.0 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| Mozilla Firefox | <=37.0.2 | |
| Mozilla Firefox | =31.0 | |
| Mozilla Firefox | =31.1.0 | |
| Mozilla Firefox | =31.1.1 | |
| Mozilla Firefox | =31.3.0 | |
| Mozilla Firefox | =31.5.1 | |
| Mozilla Firefox | =31.5.2 | |
| Mozilla Firefox | =31.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
- http://rhn.redhat.com/errata/RHSA-2015-0988.html
- http://rhn.redhat.com/errata/RHSA-2015-1012.html
- http://www.debian.org/security/2015/dsa-3260
- http://www.debian.org/security/2015/dsa-3264
- http://www.mozilla.org/security/announce/2015/mfsa2015-48.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/74611
- http://www.ubuntu.com/usn/USN-2602-1
- http://www.ubuntu.com/usn/USN-2603-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1149542
- https://security.gentoo.org/glsa/201605-06
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7
- agent/author
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/mozilla thunderbird
- version/mozilla thunderbird/31.5
- canonical/mozilla firefox esr
- version/mozilla firefox esr/31.0
- version/mozilla firefox esr/31.1
- version/mozilla firefox esr/31.1.0
- version/mozilla firefox esr/31.1.1
- version/mozilla firefox esr/31.2
- version/mozilla firefox esr/31.3
- version/mozilla firefox esr/31.3.0
- version/mozilla firefox esr/31.4
- version/mozilla firefox esr/31.5
- version/mozilla firefox esr/31.5.1
- version/mozilla firefox esr/31.5.2
- version/mozilla firefox esr/31.5.3
- version/mozilla firefox esr/31.6.0
- vendor/novell
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/12.0
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12.0
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- canonical/mozilla firefox
- version/mozilla firefox/37.0.2
- version/mozilla firefox/31.0
- version/mozilla firefox/31.1.0
- version/mozilla firefox/31.1.1
- version/mozilla firefox/31.3.0
- version/mozilla firefox/31.5.1
- version/mozilla firefox/31.5.2
- version/mozilla firefox/31.5.3