csaf_suse - suse-su-2015:2336-1

suse-su-2015:2336-1

Vulnerability from csaf_suse

Published

2015-12-21 16:19

Modified

2015-12-21 16:19

Summary

Security update for MozillaFirefox

Notes

Title of the patch

Security update for MozillaFirefox

Description of the patch

MozillaFirefox was updated to version 38.5.0 ESR. It fixes the following security issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs

Patchnames

slessp2-MozillaFirefox-12275

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nMozillaFirefox was updated to version 38.5.0 ESR.\n\nIt fixes the following security issues:\n\n* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202\n  Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)\n* MFSA 2015-138/CVE-2015-7210\n  Use-after-free in WebRTC when datachannel is used after being\n  destroyed\n* MFSA 2015-139/CVE-2015-7212\n  Integer overflow allocating extremely large textures\n* MFSA 2015-145/CVE-2015-7205\n  Underflow through code inspection\n* MFSA 2015-146/CVE-2015-7213\n  Integer overflow in MP4 playback in 64-bit versions\n* MFSA 2015-147/CVE-2015-7222\n  Integer underflow and buffer overflow processing MP4 metadata\n  in libstagefright\n* MFSA 2015-149/CVE-2015-7214\n  Cross-site reading attack through data and view-source URIs\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp2-MozillaFirefox-12275",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2336-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2015:2336-1",
        "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152336-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2015:2336-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001750.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 959277",
        "url": "https://bugzilla.suse.com/959277"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7201 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7201/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7202 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7202/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7205 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7205/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7210 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7210/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7212 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7212/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7213 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7213/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7214 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7214/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7222 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7222/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2015-12-21T16:19:48Z",
      "generator": {
        "date": "2015-12-21T16:19:48Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2015:2336-1",
      "initial_release_date": "2015-12-21T16:19:48Z",
      "revision_history": [
        {
          "date": "2015-12-21T16:19:48Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-38.5.0esr-28.2.i586",
                "product": {
                  "name": "MozillaFirefox-38.5.0esr-28.2.i586",
                  "product_id": "MozillaFirefox-38.5.0esr-28.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-38.5.0esr-28.2.i586",
                "product": {
                  "name": "MozillaFirefox-translations-38.5.0esr-28.2.i586",
                  "product_id": "MozillaFirefox-translations-38.5.0esr-28.2.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-38.5.0esr-28.2.s390x",
                "product": {
                  "name": "MozillaFirefox-38.5.0esr-28.2.s390x",
                  "product_id": "MozillaFirefox-38.5.0esr-28.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-38.5.0esr-28.2.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-38.5.0esr-28.2.s390x",
                  "product_id": "MozillaFirefox-translations-38.5.0esr-28.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-38.5.0esr-28.2.x86_64",
                "product": {
                  "name": "MozillaFirefox-38.5.0esr-28.2.x86_64",
                  "product_id": "MozillaFirefox-38.5.0esr-28.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-38.5.0esr-28.2.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-38.5.0esr-28.2.x86_64",
                  "product_id": "MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-38.5.0esr-28.2.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586"
        },
        "product_reference": "MozillaFirefox-38.5.0esr-28.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-38.5.0esr-28.2.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x"
        },
        "product_reference": "MozillaFirefox-38.5.0esr-28.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-38.5.0esr-28.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64"
        },
        "product_reference": "MozillaFirefox-38.5.0esr-28.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-38.5.0esr-28.2.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586"
        },
        "product_reference": "MozillaFirefox-translations-38.5.0esr-28.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-38.5.0esr-28.2.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x"
        },
        "product_reference": "MozillaFirefox-translations-38.5.0esr-28.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-38.5.0esr-28.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-38.5.0esr-28.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-7201",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7201"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7201",
          "url": "https://www.suse.com/security/cve/CVE-2015-7201"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7201",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-7201"
    },
    {
      "cve": "CVE-2015-7202",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7202"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7202",
          "url": "https://www.suse.com/security/cve/CVE-2015-7202"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7202",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-7202"
    },
    {
      "cve": "CVE-2015-7205",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7205"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7205",
          "url": "https://www.suse.com/security/cve/CVE-2015-7205"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7205",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-7205"
    },
    {
      "cve": "CVE-2015-7210",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7210"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7210",
          "url": "https://www.suse.com/security/cve/CVE-2015-7210"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7210",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-7210"
    },
    {
      "cve": "CVE-2015-7212",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7212"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7212",
          "url": "https://www.suse.com/security/cve/CVE-2015-7212"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7212",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-7212"
    },
    {
      "cve": "CVE-2015-7213",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7213"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7213",
          "url": "https://www.suse.com/security/cve/CVE-2015-7213"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7213",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7213"
    },
    {
      "cve": "CVE-2015-7214",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7214"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7214",
          "url": "https://www.suse.com/security/cve/CVE-2015-7214"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7214",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7214"
    },
    {
      "cve": "CVE-2015-7222",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7222"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
          "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7222",
          "url": "https://www.suse.com/security/cve/CVE-2015-7222"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959277 for CVE-2015-7222",
          "url": "https://bugzilla.suse.com/959277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.5.0esr-28.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.i586",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.s390x",
            "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.5.0esr-28.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-21T16:19:48Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-7222"
    }
  ]
}

CVE-2015-7214 (GCVE-0-2015-7214)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

References

►

URL

Tags

	http://www.mozilla.org/security/announce/2015/mfsa2015-149.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3432	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.mozilla.org/show_bug.cgi?id=1228950	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2859-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-149.html"
          },
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "DSA-3432",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3432"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228950"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "name": "USN-2859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2859-1"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-149.html"
        },
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "DSA-3432",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3432"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228950"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "name": "USN-2859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2859-1"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7214",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-149.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-149.html"
            },
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "DSA-3432",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3432"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228950",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228950"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "USN-2859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2859-1"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7214",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7202 (GCVE-0-2015-7202)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1207571	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1200580	x_refsource_CONFIRM
	http://www.mozilla.org/security/announce/2015/mfsa2015-134.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1219330	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1193999	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1221421	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1197012	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1193757	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.mozilla.org/show_bug.cgi?id=1194002	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1208059	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1188105	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.mozilla.org/show_bug.cgi?id=1221904	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	https://bugzilla.mozilla.org/show_bug.cgi?id=1212305	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1194006	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207571"
          },
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200580"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193999"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221421"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197012"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193757"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188105"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221904"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1212305"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194006"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207571"
        },
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200580"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193999"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221421"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197012"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193757"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188105"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221904"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1212305"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194006"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7202",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207571",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207571"
            },
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200580",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200580"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219330",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219330"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193999",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193999"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221421",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221421"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197012",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197012"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193757",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193757"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194002",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194002"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208059",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208059"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188105",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188105"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221904",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221904"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1212305",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1212305"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194006",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194006"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7202",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7210 (GCVE-0-2015-7210)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/79283	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.mozilla.org/security/announce/2015/mfsa2015-138.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1218326	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "name": "79283",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79283"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-138.html"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218326"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "name": "79283",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79283"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-138.html"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218326"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7210",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "79283",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79283"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-138.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-138.html"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218326",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218326"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7210",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:45.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7201 (GCVE-0-2015-7201)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.mozilla.org/security/announce/2015/mfsa2015-134.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3432	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1224100	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1203135	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2859-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.mozilla.org/show_bug.cgi?id=1225250	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:44.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "DSA-3432",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3432"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "name": "USN-2859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2859-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "DSA-3432",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3432"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "name": "USN-2859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2859-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7201",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "DSA-3432",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3432"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224100"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1203135"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "USN-2859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2859-1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225250"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7201",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:44.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7205 (GCVE-0-2015-7205)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3432	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.mozilla.org/security/announce/2015/mfsa2015-145.html	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2859-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1220493	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "DSA-3432",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3432"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-145.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "name": "USN-2859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2859-1"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1220493"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "DSA-3432",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3432"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-145.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "name": "USN-2859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2859-1"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1220493"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "DSA-3432",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3432"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-145.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-145.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "USN-2859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2859-1"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1220493",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1220493"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7205",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:45.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7222 (GCVE-0-2015-7222)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1216748	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://www.mozilla.org/security/announce/2015/mfsa2015-147.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1216748"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-147.html"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1216748"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-147.html"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1216748",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1216748"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-147.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-147.html"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7222",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:45.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7212 (GCVE-0-2015-7212)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3432	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1222809	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2859-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://www.mozilla.org/security/announce/2015/mfsa2015-139.html	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "DSA-3432",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3432"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1222809"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "name": "USN-2859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2859-1"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-139.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "DSA-3432",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3432"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1222809"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "name": "USN-2859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2859-1"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-139.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "DSA-3432",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3432"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1222809",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1222809"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "USN-2859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2859-1"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-139.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-139.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7212",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:45.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7213 (GCVE-0-2015-7213)

Vulnerability from cvelistv5

Published

2015-12-16 11:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3432	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/79279	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1206211	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2859-1	vendor-advisory, x_refsource_UBUNTU
	http://www.mozilla.org/security/announce/2015/mfsa2015-146.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2833-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-2657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034426	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3422	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2015:2380",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
          },
          {
            "name": "DSA-3432",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3432"
          },
          {
            "name": "79279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79279"
          },
          {
            "name": "SUSE-SU-2015:2335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206211"
          },
          {
            "name": "openSUSE-SU-2015:2353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2015:2406",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2016:0308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
          },
          {
            "name": "FEDORA-2015-7ab3d3afcf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
          },
          {
            "name": "USN-2859-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2859-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-146.html"
          },
          {
            "name": "USN-2833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2833-1"
          },
          {
            "name": "RHSA-2015:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
          },
          {
            "name": "SUSE-SU-2015:2336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2016:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
          },
          {
            "name": "FEDORA-2015-51b1105902",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
          },
          {
            "name": "1034426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034426"
          },
          {
            "name": "DSA-3422",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2015:2380",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
        },
        {
          "name": "DSA-3432",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3432"
        },
        {
          "name": "79279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79279"
        },
        {
          "name": "SUSE-SU-2015:2335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206211"
        },
        {
          "name": "openSUSE-SU-2015:2353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2015:2406",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2016:0308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
        },
        {
          "name": "FEDORA-2015-7ab3d3afcf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
        },
        {
          "name": "USN-2859-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2859-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-146.html"
        },
        {
          "name": "USN-2833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2833-1"
        },
        {
          "name": "RHSA-2015:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
        },
        {
          "name": "SUSE-SU-2015:2336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2016:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
        },
        {
          "name": "FEDORA-2015-51b1105902",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
        },
        {
          "name": "1034426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034426"
        },
        {
          "name": "DSA-3422",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:2334",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html"
            },
            {
              "name": "openSUSE-SU-2015:2380",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html"
            },
            {
              "name": "DSA-3432",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3432"
            },
            {
              "name": "79279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79279"
            },
            {
              "name": "SUSE-SU-2015:2335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206211",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206211"
            },
            {
              "name": "openSUSE-SU-2015:2353",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2015:2406",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2016:0308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
            },
            {
              "name": "FEDORA-2015-7ab3d3afcf",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html"
            },
            {
              "name": "USN-2859-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2859-1"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-146.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-146.html"
            },
            {
              "name": "USN-2833-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2833-1"
            },
            {
              "name": "RHSA-2015:2657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2657.html"
            },
            {
              "name": "SUSE-SU-2015:2336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2016:0307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
            },
            {
              "name": "FEDORA-2015-51b1105902",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html"
            },
            {
              "name": "1034426",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034426"
            },
            {
              "name": "DSA-3422",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7213",
    "datePublished": "2015-12-16T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2015:2336-1

Vulnerability from csaf_suse

CVE-2015-7214 (GCVE-0-2015-7214)

Vulnerability from cvelistv5

CVE-2015-7202 (GCVE-0-2015-7202)

Vulnerability from cvelistv5

CVE-2015-7210 (GCVE-0-2015-7210)

Vulnerability from cvelistv5

CVE-2015-7201 (GCVE-0-2015-7201)

Vulnerability from cvelistv5

CVE-2015-7205 (GCVE-0-2015-7205)

Vulnerability from cvelistv5

CVE-2015-7222 (GCVE-0-2015-7222)

Vulnerability from cvelistv5

CVE-2015-7212 (GCVE-0-2015-7212)

Vulnerability from cvelistv5

CVE-2015-7213 (GCVE-0-2015-7213)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature