Vulnerability in Mozilla Firefox
CVE-2015-2738
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory lo…
EPSS: 0.013 (79.7th percentile)
Affected products
- Mozilla Firefox — versions 31.0, 31.1.0, 31.1.1
- Mozilla Firefox_esr — versions 31.1, 31.2, 31.3
- Mozilla Thunderbird
- Oracle Solaris — versions 11.3
- Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
- Debian Debian_linux — versions 7.0, 8.0
- Suse Linux_enterprise_desktop — versions 12
- Suse Linux_enterprise_server — versions 11
- Suse Linux_enterprise_software_development_kit — versions 12
- Suse Suse_linux_enterprise_server — versions 12
Weakness classification (CWE)
References
- openSUSE-SU-2015:1229 (vendor-advisory, x_refsource_SUSE)
- RHSA-2015:1455 (x_refsource_REDHAT, vendor-advisory)
- SUSE-SU-2015:1268 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
- 75541 (vdb-entry, x_refsource_BID)
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- DSA-3324 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- USN-2673-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- 1032784 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2015:1207 (x_refsource_REDHAT, vendor-advisory)