Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2015-2738
Modified
More InfoOfficial Page
Source-security@mozilla.org
View Known Exploited Vulnerability (KEV) details
Published At-06 Jul, 2015 | 02:01
Updated At-06 May, 2026 | 22:30

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.04
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>12
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_server>>12
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions up to 38.1.0(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.0
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.1.0
cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.1.1
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.3.0
cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.5.1
cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.5.2
cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.5.3
cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.0
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.1
cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.2
cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.3
cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.4
cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.5
cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.6.0
cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.7.0
cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions up to 38.0.1(inclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-17Primarynvd@nist.gov
CWE ID: CWE-17
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlsecurity@mozilla.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlsecurity@mozilla.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-1207.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-1455.htmlsecurity@mozilla.org
N/A
http://www.debian.org/security/2015/dsa-3300security@mozilla.org
N/A
http://www.debian.org/security/2015/dsa-3324security@mozilla.org
Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-66.htmlsecurity@mozilla.org
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlsecurity@mozilla.org
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlsecurity@mozilla.org
Third Party Advisory
http://www.securityfocus.com/bid/75541security@mozilla.org
N/A
http://www.securitytracker.com/id/1032783security@mozilla.org
N/A
http://www.securitytracker.com/id/1032784security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2656-1security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2656-2security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2673-1security@mozilla.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1167356security@mozilla.org
Issue Tracking
https://security.gentoo.org/glsa/201512-10security@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1207.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1455.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3300af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3324af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-66.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/75541af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1032783af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1032784af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2656-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2656-2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2673-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1167356af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://security.gentoo.org/glsa/201512-10af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1207.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1455.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3300
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3324
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-66.html
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/75541
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032783
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032784
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2656-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2656-2
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2673-1
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1167356
Source: security@mozilla.org
Resource:
Issue Tracking
Hyperlink: https://security.gentoo.org/glsa/201512-10
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1207.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1455.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3300
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3324
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-66.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/75541
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032783
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032784
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2656-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2656-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2673-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1167356
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://security.gentoo.org/glsa/201512-10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found