Home > Vulnerability Database > CVE-2015-2710

Mend Vulnerability Database

CVE-2015-2710

Good to know:

Date: May 14, 2015

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

Severity Score

5.6

Related Resources (5)

Url: http://www.debian.org/security/2015/dsa-3264

Url: http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-2710

Url: https://access.redhat.com/security/cve/CVE-2015-2710

Url: http://www.securityfocus.com/bid/74611

Severity Score

5.6

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2015-2710

Good to know:

Date: May 14, 2015

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?