CVE-2015-2716 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Vulnerable Configurations

Part         Description  Count
Application  Mozilla      572
Application  Novell       1
OS           Novell       2
OS           Opensuse     2
OS           Oracle       1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150518_THUNDERBIRD_ON_SL5_X.NASL
    description: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2716) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.
    last seen: 2020-03-18
    modified: 2015-05-19
    plugin id: 83538
    published: 2015-05-19
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83538
    title: Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150518)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-374.NASL
    description: The Mozilla Thunderbird email, news, and chat client was updated to version 31.7.0 to fix several security issues. The following vulnerabilities were fixed (bnc#930622):
      - MFSA 2015-46/CVE-2015-2708 Miscellaneous memory safety hazards
      - MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer
      - MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS
      - MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled
      - MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML
      - MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages
    last seen: 2020-06-05
    modified: 2015-05-26
    plugin id: 83800
    published: 2015-05-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83800
    title: openSUSE Security Update : MozillaThunderbird (openSUSE-2015-374)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_D9B43004F5FD4807B1D7DBF66455B244.NASL
    description: The Mozilla Project reports:
      - MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
      - MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
      - MFSA-2015-48 Buffer overflow with SVG content and CSS
      - MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu
      - MFSA-2015-50 Out-of-bounds read and write in asm.js validation
      - MFSA-2015-51 Use-after-free during text processing with vertical text enabled
      - MFSA-2015-52 Sensitive URL encoded information written to Android logcat
      - MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
      - MFSA-2015-54 Buffer overflow when parsing compressed XML
      - MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
      - MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses
      - MFSA-2015-57 Privilege escalation through IPC channel messages
      - MFSA-2015-58 Mozilla Windows updater can be run outside of application directory
      - MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83389
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83389
    title: FreeBSD : mozilla -- multiple vulnerabilities (d9b43004-f5fd-4807-b1d7-dbf66455b244)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-0988.NASL
    description: From Red Hat Security Advisory 2015:0988: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Firefox processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox, could cause it to crash or execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2716) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Aki Helin, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen: 2020-05-31
    modified: 2015-05-13
    plugin id: 83403
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83403
    title: Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0988)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3260.NASL
    description: Multiple security issues have been found in Iceweasel, Debian
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83423
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83423
    title: Debian DSA-3260-1 : iceweasel - security update
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FIREFOX_31_7_ESR.NASL
    description: The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities:
      - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708)
      - A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
      - A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713)
      - A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83436
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83436
    title: Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-1012.NASL
    description: From Red Hat Security Advisory 2015:1012: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2716) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.7, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen: 2020-05-31
    modified: 2015-05-19
    plugin id: 83535
    published: 2015-05-19
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83535
    title: Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1012)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_FF76F0E03F1111E6B3C814DAE9D210B8.NASL
    description: Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91913
    published: 2016-07-01
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91913
    title: FreeBSD : expat2 -- denial of service (ff76f0e0-3f11-11e6-b3c8-14dae9d210b8)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0988.NASL
    description: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Firefox processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox, could cause it to crash or execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2716) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Aki Helin, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83378
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83378
    title: CentOS 5 / 6 / 7 : firefox (CESA-2015:0988)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_THUNDERBIRD_31_7.NASL
    description: The version of Thunderbird installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities:
      - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708)
      - A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
      - A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713)
      - A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83463
    published: 2015-05-14
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83463
    title: Mozilla Thunderbird < 31.7 Multiple Vulnerabilities (Mac OS X)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1012.NASL
    description: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2716) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.7, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen: 2020-05-31
    modified: 2015-05-19
    plugin id: 83537
    published: 2015-05-19
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83537
    title: RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1012)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150512_FIREFOX_ON_SL5_X.NASL
    description: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Firefox processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox, could cause it to crash or execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2716) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen: 2020-03-18
    modified: 2015-05-14
    plugin id: 83450
    published: 2015-05-14
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83450
    title: Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150512)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-1011.NASL
    description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1011 advisory. - expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-06
    modified: 2020-04-10
    plugin id: 135315
    published: 2020-04-10
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135315
    title: CentOS 7 : expat (CESA-2020:1011)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FIREFOX_38.NASL
    description: The version of Firefox installed on the remote Mac OS X host is prior to 38.0. It is, therefore, affected by the following vulnerabilities:
      - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708, CVE-2015-2709)
      - A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
      - A security bypass vulnerability exists due to the referrer policy not being enforced in certain situations when opening links (e.g. using the context menu or a middle-click by mouse). A remote attacker can exploit this to bypass intended policy settings. (CVE-2015-2711)
      - An out-of-bounds read and write issue exists in the CheckHeapLengthCondition() function due to improper JavaScript validation of heap lengths. A remote attacker can exploit this, via a specially crafted web page, to disclose memory contents. (CVE-2015-2712)
      - A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713)
      - A use-after-free error exists in the RegisterCurrentThread() function in nsThreadManager.cpp due to a race condition related to media decoder threads created during the shutdown process. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2715)
      - A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
      - An integer overflow condition exists in the parseChunk() function in MPEG4Extractor.cpp due to improper handling of MP4 video metadata in chunks. A remote attacker can exploit this, via specially crafted media content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2717)
      - A security bypass vulnerability exists in WebChannel.jsm due to improper handling of message traffic. An untrusted page hosting a trusted page within an iframe can intercept webchannel responses for the trusted page. This allows a remote attacker, via a specially crafted web page, to bypass origin restrictions, resulting in the disclosure of sensitive information. (CVE-2015-2718)
      - Multiple integer overflow conditions exist in the bundled libstagefright component due to improper validation of user-supplied input when processing MPEG4 sample metadata. A remote attacker can exploit this, via specially crafted media content, to execute arbitrary code. (CVE-2015-4496)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83437
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83437
    title: Firefox < 38.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3264.NASL
    description: Multiple security issues have been found in Icedove, Debian
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83547
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83547
    title: Debian DSA-3264-1 : icedove - security update
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1698.NASL
    description: According to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities:
      - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300)
      - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. (CVE-2016-4472)
      - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. (CVE-2015-1283)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126540
    published: 2019-07-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126540
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2019-1698)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201605-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91379
    published: 2016-05-31
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91379
    title: GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-0978-1.NASL
    description: This update to Firefox 31.7.0 ESR fixes the following issues:
      - MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474.
      - MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video with Linux Gstreamer. Upstream references: bmo#1080995.
      - MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and CSS. Upstream references: bmo#1149542.
      - MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing with vertical text enabled. Upstream references: bmo#1153478.
      - MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed XML. Upstream references: bmo#1140537.
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83947
    published: 2015-06-02
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83947
    title: SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:0978-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1742.NASL
    description: According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
      - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. (CVE-2015-1283)
      - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. (CVE-2016-4472)
      - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-07-22
    plugin id: 126869
    published: 2019-07-22
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126869
    title: EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1742)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2602-1.NASL
    description: Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2708, CVE-2015-2709) Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2710) Alex Verstak discovered that <meta name=
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83434
    published: 2015-05-13
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83434
    title: Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2602-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0988.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Firefox processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox, could cause it to crash or execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2716) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Aki Helin, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2015-05-13
    plugin id83409
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83409
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2015:0988)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2063.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). (CVE-2018-20843) - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. (CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. (CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129256
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129256
    titleEulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2063)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_EXPAT_ON_SL7_X.NASL
    description* expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
    last seen2020-04-30
    modified2020-04-21
    plugin id135808
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135808
    titleScientific Linux Security Update : expat on SL7.x x86_64 (20200407)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL50459349.NASL
    descriptionBuffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)
    last seen2020-03-17
    modified2017-03-01
    plugin id97446
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97446
    titleF5 Networks BIG-IP : Expat XML library vulnerability (K50459349)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1666.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. (CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. (CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-06-27
    plugin id126293
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126293
    titleEulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_31_7_ESR.NASL
    descriptionThe version of Firefox ESR 31.x installed on the remote Windows host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists in the Inter-process Communications (IPC) implementation due to a failure to validate the identity of a listener process. (CVE-2011-3079) - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708) - A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710) - A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713) - A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
    last seen2020-06-01
    modified2020-06-02
    plugin id83438
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83438
    titleFirefox ESR 31.x < 31.7 Multiple Vulnerabilities
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15104541.NASL
    descriptionMultiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. (CVE-2015-1283)
    last seen2020-03-19
    modified2016-10-12
    plugin id93971
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93971
    titleF5 Networks BIG-IP : Expat XML library vulnerability (K15104541)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1364.NASL
    descriptionBuffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)
    last seen2020-05-21
    modified2020-05-15
    plugin id136625
    published2020-05-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136625
    titleAmazon Linux AMI : expat (ALAS-2020-1364)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_38_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 38.0. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists in the Inter-process Communications (IPC) implementation due to a failure to validate the identity of a listener process. (CVE-2011-3079) - An issue exists in the Mozilla updater in which DLL files in the current working directory or Windows temporary directories will be loaded, allowing the execution of arbitrary code. (CVE-2015-0833 / CVE-2015-2720) - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708, CVE-2015-2709) - A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710) - A security bypass vulnerability exists due to the referrer policy not being enforced in certain situations when opening links (e.g. using the context menu or a middle-click by mouse). A remote attacker can exploit this to bypass intended policy settings. (CVE-2015-2711) - An out-of-bounds read and write issue exists in the CheckHeapLengthCondition() function due to improper JavaScript validation of heap lengths. A remote attacker can exploit this, via a specially crafted web page, to disclose memory contents. (CVE-2015-2712) - A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713) - A use-after-free error exists in the RegisterCurrentThread() function in nsThreadManager.cpp due to a race condition related to media decoder threads created during the shutdown process. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2715) - A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716) - An integer overflow condition exists in the parseChunk() function in MPEG4Extractor.cpp due to improper handling of MP4 video metadata in chunks. A remote attacker can exploit this, via specially crafted media content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2717) - A security bypass vulnerability exists in WebChannel.jsm due to improper handling of message traffic. An untrusted page hosting a trusted page within an iframe can intercept webchannel responses for the trusted page. This allows a remote attacker, via a specially crafted web page, to bypass origin restrictions, resulting in the disclosure of sensitive information. (CVE-2015-2718) - Multiple integer overflow conditions exist in the bundled libstagefright component due to improper validation of user-supplied input when processing MPEG4 sample metadata. A remote attacker can exploit this, via specially crafted media content, to execute arbitrary code. (CVE-2015-4496)
    last seen2020-06-01
    modified2020-06-02
    plugin id83439
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83439
    titleFirefox < 38.0 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-281.NASL
    descriptionMultiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-07-27
    plugin id84990
    published2015-07-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84990
    titleDebian DLA-281-1 : expat security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-375.NASL
    descriptionThe Mozilla Firefox web browser was updated to version 38.0.1 to fix several security and non-security issues. This update also includes a Mozilla Network Security Services (NSS) update to version 3.18.1. The following vulnerabilities and issues were fixed : Changes in Mozilla Firefox : - update to Firefox 38.0.1 stability and regression fixes - Systems with first generation NVidia Optimus graphics cards may crash on start-up - Users who import cookies from Google Chrome can end up with broken websites - Large animated images may fail to play and may stop other images from loading - update to Firefox 38.0 (bnc#930622) - New tab-based preferences - Ruby annotation support - more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes : - MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards - MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer - MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS - MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu - MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation - MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled - MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown - MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML - MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and out-of-bounds read while parsing MP4 video metadata - MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting trusted page can intercept webchannel responses - MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages Changes in Mozilla NSS : - update to 3.18.1 - Firefox target release 38 - No new functionality is introduced in this release. Notable Changes : - The following CA certificate had the Websites and Code Signing trust bits restored to their original state to allow more time to develop a better transition strategy for affected sites : - OU = Equifax Secure Certificate Authority - The following CA certificate was removed : - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi - The following intermediate CA certificate has been added as actively distrusted because it was mis-used to issue certificates for domain names the holder did not own or control : - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG - The version number of the updated root CA list has been set to 2.4 - update to 3.18 - Firefox target release 38 New functionality : - When importing certificates and keys from a PKCS#12 source, it
    last seen2020-06-05
    modified2015-05-26
    plugin id83801
    published2015-05-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83801
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2015-375)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1011.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1011 advisory. - expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135066
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135066
    titleRHEL 7 : expat (RHSA-2020:1011)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1012.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713) A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2716) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.7, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2015-05-19
    plugin id83530
    published2015-05-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83530
    titleCentOS 5 / 6 / 7 : thunderbird (CESA-2015:1012)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0960-1.NASL
    descriptionThis update to Firefox 31.7.0 ESR (bsc#930622) fixes the following issues : - MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 (bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474) Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) - MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer - MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS - MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled - MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83870
    published2015-05-28
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83870
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:0960-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_31_7.NASL
    descriptionThe version of Thunderbird installed on the remote Windows host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists in the Inter-process Communications (IPC) implementation due to a failure to validate the identity of a listener process. (CVE-2011-3079) - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708) - A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710) - A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713) - A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
    last seen2020-06-01
    modified2020-06-02
    plugin id83464
    published2015-05-14
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83464
    titleMozilla Thunderbird < 31.7 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2603-1.NASL
    descriptionJesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2708) Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2710) Scott Bell discovered a use-after-free during the processing of text when vertical text is enabled. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2713) Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML content. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2716). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83544
    published2015-05-19
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83544
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : thunderbird vulnerabilities (USN-2603-1)

Redhat

advisories
  • bugzilla
    id1220607
    titleCVE-2015-2716 Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentthunderbird is earlier than 0:31.7.0-1.el5_11
        ovaloval:com.redhat.rhsa:tst:20151012001
      • commentthunderbird is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070108002
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentthunderbird is earlier than 0:31.7.0-1.el6_6
        ovaloval:com.redhat.rhsa:tst:20151012004
      • commentthunderbird is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100896002
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • commentthunderbird is earlier than 0:31.7.0-1.el7_1
        ovaloval:com.redhat.rhsa:tst:20151012007
      • commentthunderbird is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100896002
    rhsa
    idRHSA-2015:1012
    released2015-05-18
    severityImportant
    titleRHSA-2015:1012: thunderbird security update (Important)
  • bugzilla
    id1220607
    titleCVE-2015-2716 expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentexpat is earlier than 0:2.1.0-11.el7
            ovaloval:com.redhat.rhsa:tst:20201011001
          • commentexpat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120731007
        • AND
          • commentexpat-static is earlier than 0:2.1.0-11.el7
            ovaloval:com.redhat.rhsa:tst:20201011003
          • commentexpat-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20162824008
        • AND
          • commentexpat-devel is earlier than 0:2.1.0-11.el7
            ovaloval:com.redhat.rhsa:tst:20201011005
          • commentexpat-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120731009
    rhsa
    idRHSA-2020:1011
    released2020-03-31
    severityModerate
    titleRHSA-2020:1011: expat security update (Moderate)
  • rhsa
    idRHSA-2015:0988
rpms
  • firefox-0:38.0-3.ael7b_1
  • firefox-0:38.0-3.el7_1
  • firefox-0:38.0-4.el5_11
  • firefox-0:38.0-4.el6_6
  • firefox-debuginfo-0:38.0-3.ael7b_1
  • firefox-debuginfo-0:38.0-3.el7_1
  • firefox-debuginfo-0:38.0-4.el5_11
  • firefox-debuginfo-0:38.0-4.el6_6
  • thunderbird-0:31.7.0-1.ael7b_1
  • thunderbird-0:31.7.0-1.el5_11
  • thunderbird-0:31.7.0-1.el6_6
  • thunderbird-0:31.7.0-1.el7_1
  • thunderbird-debuginfo-0:31.7.0-1.ael7b_1
  • thunderbird-debuginfo-0:31.7.0-1.el5_11
  • thunderbird-debuginfo-0:31.7.0-1.el6_6
  • thunderbird-debuginfo-0:31.7.0-1.el7_1
  • expat-0:2.1.0-11.el7
  • expat-debuginfo-0:2.1.0-11.el7
  • expat-devel-0:2.1.0-11.el7
  • expat-static-0:2.1.0-11.el7