CVE-2015-7175


General

Score: 7.5/10.0
Severity: High
Category: Buffer Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4476, CVE-2015-4478, CVE-2015-4479, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492, CVE-2015-4497, CVE-2015-4498, CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4503, CVE-2015-4504, CVE-2015-4505, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4511, CVE-2015-4512, CVE-2015-4513, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7176, CVE-2015-7177, CVE-2015-7178, CVE-2015-7179, CVE-2015-7180, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200

Published on 24/09/15 - Updated on 22/12/16

Description

The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability Database CVE-2015-7175
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-405, CERTFR-2015-AVI-442
Arch Linux ASA-201509-9
CentOS CESA-2015:1834, CESA-2015:1852
Debian DSA-3365-1
Mozilla MFSA2015-112
Redhat RHSA-2015:1834, RHSA-2015:1852
Renater 2015/VULN204
SUSE SUSE-SU-2015:1680, SUSE-SU-2015:1703, SUSE-SU-2015:2081
Ubuntu USN-2743-1, USN-2743-2, USN-2743-3, USN-2743-4, USN-2754-1

Exploits

SecurityFocus BID-76816

Related technologies

Vendor Product
mozilla firefox
mozilla firefox_esr
