Buffer overflow in Mozilla Firefox

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

Vulnerability class: Buffer Overflow

EPSS: 0.011 (77.9th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 31.0, 31.1.0, 31.1.1
Mozilla Firefox_esr — versions 31.1, 31.2, 31.3
Mozilla Thunderbird
Novell Suse_linux_enterprise_desktop — versions 12.0
Novell Suse_linux_enterprise_server — versions 11, 12.0
Novell Suse_linux_enterprise_software_development_kit — versions 12.0
Oracle Solaris — versions 11.3
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

openSUSE-SU-2015:1229 (vendor-advisory, x_refsource_SUSE)
RHSA-2015:1455 (x_refsource_REDHAT, vendor-advisory)
SUSE-SU-2015:1268 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
75541 (vdb-entry, x_refsource_BID)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
DSA-3324 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
USN-2673-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
security@mozilla.org (x_refsource_CONFIRM, Issue Tracking)
1032784 (vdb-entry, x_refsource_SECTRACK)