usn-2602-1
Vulnerability from osv_ubuntu
Published
2015-05-13 17:41
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2708, CVE-2015-2709)

Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2710)

Alex Verstak discovered that is ignored in some circumstances. (CVE-2015-2711)

Dougall Johnson discovered an out of bounds read and write in asm.js. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2712)

Scott Bell discovered a use-afer-free during the processing of text when vertical text is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2713)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during shutdown. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2715)

Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2716)

A buffer overflow and out-of-bounds read were discovered when parsing metadata in MP4 files in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2717)

Mark Hammond discovered that when a trusted page is hosted within an iframe in an untrusted page, the untrusted page can intercept webchannel responses meant for the trusted page in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to bypass origin restrictions. (CVE-2015-2718)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2015-2708",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2709",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2710",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2711",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2712",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2713",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2715",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2716",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2717",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2718",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "38.0+build3-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "38.0+build3-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "38.0+build3-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "38.0+build3-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@38.0+build3-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "38.0+build3-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong,\nAndrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-2708, CVE-2015-2709)\n\nAtte Kettunen discovered a buffer overflow during the rendering of SVG\ncontent with certain CSS properties in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-2710)\n\nAlex Verstak discovered that \u003cmeta name=\"referrer\"\u003e is ignored in some\ncircumstances. (CVE-2015-2711)\n\nDougall Johnson discovered an out of bounds read and write in asm.js. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to obtain sensitive information,\ncause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Firefox. (CVE-2015-2712)\n\nScott Bell discovered a use-afer-free during the processing of text when\nvertical text is enabled. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2713)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during\nshutdown. An attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-2715)\n\nUcha Gobejishvili discovered a buffer overflow when parsing compressed XML\ncontent. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2015-2716)\n\nA buffer overflow and out-of-bounds read were discovered when parsing\nmetadata in MP4 files in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-2717)\n\nMark Hammond discovered that when a trusted page is hosted within an\niframe in an untrusted page, the untrusted page can intercept webchannel\nresponses meant for the trusted page in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\nexploit this to bypass origin restrictions. (CVE-2015-2718)\n",
  "id": "USN-2602-1",
  "modified": "2026-04-22T07:36:32Z",
  "published": "2015-05-13T17:41:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2602-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2708"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2709"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2710"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2711"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2712"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2713"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2715"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2716"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2717"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2718"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-2708",
    "UBUNTU-CVE-2015-2709",
    "UBUNTU-CVE-2015-2710",
    "UBUNTU-CVE-2015-2711",
    "UBUNTU-CVE-2015-2712",
    "UBUNTU-CVE-2015-2713",
    "UBUNTU-CVE-2015-2715",
    "UBUNTU-CVE-2015-2716",
    "UBUNTU-CVE-2015-2717",
    "UBUNTU-CVE-2015-2718"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…