First published: Mon Jul 06 2015(Updated: )
Last updated 24 July 2024
Credit: security@mozilla.org security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/icedove | ||
debian/iceweasel | ||
Firefox | <=38.1.0 | |
Thunderbird | <=38.0.1 | |
Firefox | =31.0 | |
Firefox | =31.1.0 | |
Firefox | =31.1.1 | |
Firefox | =31.3.0 | |
Firefox | =31.5.1 | |
Firefox | =31.5.2 | |
Firefox | =31.5.3 | |
Firefox | =38.0 | |
Firefox ESR | =31.1 | |
Firefox ESR | =31.2 | |
Firefox ESR | =31.3 | |
Firefox ESR | =31.4 | |
Firefox ESR | =31.5 | |
Firefox ESR | =31.6.0 | |
Firefox ESR | =31.7.0 | |
Oracle Solaris and Zettabyte File System (ZFS) | =11.3 | |
SUSE Linux Enterprise Software Development Kit | =12.0 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =14.10 | |
Ubuntu | =15.04 | |
Debian Linux | =7.0 | |
Debian Linux | =8.0 | |
SUSE Linux Enterprise Desktop | =12.0 | |
SUSE Linux Enterprise Server | =11-sp4 | |
SUSE Linux Enterprise Server | =12.0 | |
Firefox ESR | =31.0 | |
Firefox ESR | =31.1.0 | |
Firefox ESR | =31.1.1 | |
Firefox ESR | =31.3.0 | |
Firefox ESR | =31.5.1 | |
Firefox ESR | =31.5.2 | |
Firefox ESR | =31.5.3 | |
Firefox ESR | =38.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-2736 is a vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird that allows remote attackers to access unintended memory locations via a crafted ZIP archive.
Mozilla Firefox versions before 39.0, Firefox ESR versions before 31.8 and 38.x before 38.1, and Thunderbird versions before 38.1 are affected by CVE-2015-2736.
CVE-2015-2736 has a severity rating of 9.3, which is considered critical.
To fix CVE-2015-2736, you should update Mozilla Firefox to version 39.0 or later, Firefox ESR to version 31.8 or later, and Thunderbird to version 38.1 or later.
You can find more information about CVE-2015-2736 at the following links: [link1], [link2], [link3].