CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://rhn.redhat.com/errata/RHSA-2015-1455.html
http://www.debian.org/security/2015/dsa-3300
http://www.debian.org/security/2015/dsa-3324	Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1167332	Issue Tracking
https://security.gentoo.org/glsa/201512-10

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:31.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox:31.3.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.3:::::::*
	cpe:2.3:a:mozilla:firefox:38.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.6.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.7.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 4 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 7 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

22 Oct 2024, 13:54

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*

22 Oct 2024, 13:42

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*	cpe:2.3:a:mozilla:firefox:38.0:::::::*

21 Oct 2024, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*	cpe:2.3:a:mozilla:firefox:31.1.0:::::::* cpe:2.3:a:mozilla:firefox:31.0:::::::*

21 Oct 2024, 13:11

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::* cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.3:::::::*	cpe:2.3:a:mozilla:firefox:31.5.2:::::::* cpe:2.3:a:mozilla:firefox:31.1.1:::::::* cpe:2.3:a:mozilla:firefox:31.3.0:::::::* cpe:2.3:a:mozilla:firefox:31.5.3:::::::*

Information

Published : 2015-07-06 02:01

Updated : 2024-10-22 13:54

NVD link : CVE-2015-2737

Mitre link : CVE-2015-2737

CVE.ORG link : CVE-2015-2737

JSON object : View

Products Affected

debian

debian_linux

mozilla

firefox_esr
thunderbird
firefox

canonical

ubuntu_linux

suse

suse_linux_enterprise_server
linux_enterprise_server
linux_enterprise_software_development_kit
linux_enterprise_desktop

oracle

solaris

CWE

CWE-17

DEPRECATED: Code

10.0 /10