Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-2673-1
Vulnerability from osv_ubuntu
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)
Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2724)
Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-2721",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2724",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2734",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2735",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2736",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2737",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2738",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2739",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2740",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4000",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able to\nperform a machine-in-the-middle attack, this flaw could be exploited to skip\nthe ServerKeyExchange message and remove the forward-secrecy property.\n(CVE-2015-2721)\n\nBob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered\nmultiple memory safety issues in Thunderbird. If a user were tricked in to\nopening a specially crafted website in a browsing context, an attacker\ncould potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2015-2724)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735,\nCVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM\ncould force a server to downgrade TLS connections to 512-bit export-grade\ncryptography. An attacker could potentially exploit this to impersonate\nthe server. (CVE-2015-4000)\n",
"id": "USN-2673-1",
"modified": "2026-05-29T17:43:57Z",
"published": "2015-07-20T22:04:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2721"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2724"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2734"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2735"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2736"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2737"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2738"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2739"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4000"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-2721",
"UBUNTU-CVE-2015-2724",
"UBUNTU-CVE-2015-2734",
"UBUNTU-CVE-2015-2735",
"UBUNTU-CVE-2015-2736",
"UBUNTU-CVE-2015-2737",
"UBUNTU-CVE-2015-2738",
"UBUNTU-CVE-2015-2739",
"UBUNTU-CVE-2015-2740",
"UBUNTU-CVE-2015-4000"
]
}
ubuntu-cve-2015-2721
Vulnerability from osv_ubuntu
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnss3",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-1d",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-nssdb",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-tools",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "nss",
"purl": "pkg:deb/ubuntu/nss@2:3.19.2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:3.19.2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.15.1-1ubuntu1",
"2:3.15.2-1",
"2:3.15.3-1",
"2:3.15.3.1-1",
"2:3.15.3.1-1.1",
"2:3.15.3.1-1.1ubuntu1",
"2:3.15.4-1ubuntu3",
"2:3.15.4-1ubuntu4",
"2:3.15.4-1ubuntu5",
"2:3.15.4-1ubuntu6",
"2:3.15.4-1ubuntu7",
"2:3.15.4-1ubuntu7.1",
"2:3.17-0ubuntu0.14.04.1",
"2:3.17.1-0ubuntu0.14.04.1",
"2:3.17.1-0ubuntu0.14.04.2",
"2:3.17.4-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue.",
"id": "UBUNTU-CVE-2015-2721",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2721"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/"
},
{
"type": "REPORT",
"url": "https://smacktls.com"
},
{
"type": "REPORT",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2672-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2721"
}
],
"related": [
"USN-2672-1",
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2721"
]
}
ubuntu-cve-2015-2724
Vulnerability from osv_ubuntu
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"id": "UBUNTU-CVE-2015-2724",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2724"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164567"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1160884"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154876"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1143679"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-59.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2724"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2724"
]
}
ubuntu-cve-2015-2730
Vulnerability from osv_ubuntu
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnss3",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-1d",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-nssdb",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-tools",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "nss",
"purl": "pkg:deb/ubuntu/nss@2:3.19.2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:3.19.2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.15.1-1ubuntu1",
"2:3.15.2-1",
"2:3.15.3-1",
"2:3.15.3.1-1",
"2:3.15.3.1-1.1",
"2:3.15.3.1-1.1ubuntu1",
"2:3.15.4-1ubuntu3",
"2:3.15.4-1ubuntu4",
"2:3.15.4-1ubuntu5",
"2:3.15.4-1ubuntu6",
"2:3.15.4-1ubuntu7",
"2:3.15.4-1ubuntu7.1",
"2:3.17-0ubuntu0.14.04.1",
"2:3.17.1-0ubuntu0.14.04.1",
"2:3.17.1-0ubuntu0.14.04.2",
"2:3.17.4-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.",
"id": "UBUNTU-CVE-2015-2730",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2730"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/"
},
{
"type": "REPORT",
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2672-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2730"
}
],
"related": [
"USN-2672-1",
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2730"
]
}
ubuntu-cve-2015-2734
Vulnerability from osv_ubuntu
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.",
"id": "UBUNTU-CVE-2015-2734",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2734"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1166082"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2734"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2734"
]
}
ubuntu-cve-2015-2735
Vulnerability from osv_ubuntu
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.",
"id": "UBUNTU-CVE-2015-2735",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2735"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1166900"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2735"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2735"
]
}
ubuntu-cve-2015-2736
Vulnerability from osv_ubuntu
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.",
"id": "UBUNTU-CVE-2015-2736",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2736"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1167888"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2736"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2736"
]
}
ubuntu-cve-2015-2737
Vulnerability from osv_ubuntu
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.",
"id": "UBUNTU-CVE-2015-2737",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2737"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1167332"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2737"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2737"
]
}
ubuntu-cve-2015-2738
Vulnerability from osv_ubuntu
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.",
"id": "UBUNTU-CVE-2015-2738",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2738"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1167356"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2738"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2738"
]
}
ubuntu-cve-2015-2739
Vulnerability from osv_ubuntu
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.",
"id": "UBUNTU-CVE-2015-2739",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2739"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1168207"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2739"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2739"
]
}
ubuntu-cve-2015-2740
Vulnerability from osv_ubuntu
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.",
"id": "UBUNTU-CVE-2015-2740",
"modified": "2026-04-22T07:37:47Z",
"published": "2015-07-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2740"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1170809"
},
{
"type": "REPORT",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2740"
}
],
"related": [
"USN-2656-1",
"USN-2656-2",
"USN-2673-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-2740"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.