CVE-2015-2713 - Vulnerability Details

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Novell	Suse Linux Enterprise Desktop Suse Linux Enterprise Server Suse Linux Enterprise Software Development Kit
Opensuse	Opensuse
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:38.0-4.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:0988	2015-05-12T00:00:00Z
thunderbird-0:31.7.0-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1012	2015-05-18T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:38.0-4.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0988	2015-05-12T00:00:00Z
thunderbird-0:31.7.0-1.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1012	2015-05-18T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:38.0-3.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0988	2015-05-12T00:00:00Z
thunderbird-0:31.7.0-1.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1012	2015-05-18T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
http://rhn.redhat.com/errata/RHSA-2015-0988.html
http://rhn.redhat.com/errata/RHSA-2015-1012.html
http://www.debian.org/security/2015/dsa-3260
http://www.debian.org/security/2015/dsa-3264
http://www.mozilla.org/security/announce/2015/mfsa2015-51.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/74611
http://www.ubuntu.com/usn/USN-2602-1
http://www.ubuntu.com/usn/USN-2603-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1153478
https://nvd.nist.gov/vuln/detail/CVE-2015-2713
https://security.gentoo.org/glsa/201605-06
https://www.cve.org/CVERecord?id=CVE-2015-2713
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*	cpe:2.3:a:mozilla:firefox:31.0:::::::* cpe:2.3:a:mozilla:firefox:31.1.0:::::::*

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::* cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.3:::::::*	cpe:2.3:a:mozilla:firefox:31.1.1:::::::* cpe:2.3:a:mozilla:firefox:31.3.0:::::::* cpe:2.3:a:mozilla:firefox:31.5.2:::::::* cpe:2.3:a:mozilla:firefox:31.5.3:::::::*

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T15:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "USN-2602-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2602-1"}, {"name": "RHSA-2015:0988", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"}, {"name": "74611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74611"}, {"name": "openSUSE-SU-2015:0892", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"}, {"name": "DSA-3264", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3264"}, {"name": "DSA-3260", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3260"}, {"name": "SUSE-SU-2015:0978", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "openSUSE-SU-2015:0934", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"}, {"name": "USN-2603-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2603-1"}, {"name": "SUSE-SU-2015:0960", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"}, {"name": "RHSA-2015:1012", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201605-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-2713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2602-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2602-1"}, {"name": "RHSA-2015:0988", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"}, {"name": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", "refsource": "CONFIRM", "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"}, {"name": "74611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74611"}, {"name": "openSUSE-SU-2015:0892", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"}, {"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"}, {"name": "DSA-3264", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3264"}, {"name": "DSA-3260", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3260"}, {"name": "SUSE-SU-2015:0978", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "openSUSE-SU-2015:0934", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"}, {"name": "USN-2603-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2603-1"}, {"name": "SUSE-SU-2015:0960", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"}, {"name": "RHSA-2015:1012", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"}, {"name": "openSUSE-SU-2015:1266", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:24:38.447Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2602-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2602-1"}, {"name": "RHSA-2015:0988", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"}, {"name": "74611", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74611"}, {"name": "openSUSE-SU-2015:0892", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"}, {"name": "DSA-3264", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3264"}, {"name": "DSA-3260", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3260"}, {"name": "SUSE-SU-2015:0978", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "openSUSE-SU-2015:0934", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"}, {"name": "USN-2603-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2603-1"}, {"name": "SUSE-SU-2015:0960", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"}, {"name": "RHSA-2015:1012", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201605-06"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-2713", "datePublished": "2015-05-14T10:00:00", "dateReserved": "2015-03-25T00:00:00", "dateUpdated": "2024-08-06T05:24:38.447Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-05-12T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-30T15:57:01 (string)

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

}

references : [ »

0 : { »

name : USN-2602-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2602-1 (string)

}

1 : { »

name : RHSA-2015:0988 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0988.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (string)

}

3 : { »

name : 74611 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/74611 (string)

}

4 : { »

name : openSUSE-SU-2015:0892 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

}

7 : { »

name : DSA-3264 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3264 (string)

}

8 : { »

name : DSA-3260 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3260 (string)

}

9 : { »

name : SUSE-SU-2015:0978 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

11 : { »

name : openSUSE-SU-2015:0934 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html (string)

}

12 : { »

name : USN-2603-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2603-1 (string)

}

13 : { »

name : SUSE-SU-2015:0960 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html (string)

}

14 : { »

name : RHSA-2015:1012 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1012.html (string)

}

15 : { »

name : openSUSE-SU-2015:1266 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

16 : { »

name : GLSA-201605-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201605-06 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@mozilla.org (string)

ID : CVE-2015-2713 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : USN-2602-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2602-1 (string)

}

1 : { »

name : RHSA-2015:0988 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0988.html (string)

}

2 : { »

name : https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (string)

}

3 : { »

name : 74611 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/74611 (string)

}

4 : { »

name : openSUSE-SU-2015:0892 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html (string)

}

5 : { »

name : https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 (string)

refsource : CONFIRM (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 (string)

}

6 : { »

name : http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

refsource : CONFIRM (string)

url : http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

}

7 : { »

name : DSA-3264 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3264 (string)

}

8 : { »

name : DSA-3260 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3260 (string)

}

9 : { »

name : SUSE-SU-2015:0978 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html (string)

}

10 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

11 : { »

name : openSUSE-SU-2015:0934 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html (string)

}

12 : { »

name : USN-2603-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2603-1 (string)

}

13 : { »

name : SUSE-SU-2015:0960 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html (string)

}

14 : { »

name : RHSA-2015:1012 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1012.html (string)

}

15 : { »

name : openSUSE-SU-2015:1266 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

16 : { »

name : GLSA-201605-06 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201605-06 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T05:24:38.447Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : USN-2602-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2602-1 (string)

}

1 : { »

name : RHSA-2015:0988 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0988.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (string)

}

3 : { »

name : 74611 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/74611 (string)

}

4 : { »

name : openSUSE-SU-2015:0892 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

}

7 : { »

name : DSA-3264 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3264 (string)

}

8 : { »

name : DSA-3260 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3260 (string)

}

9 : { »

name : SUSE-SU-2015:0978 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

11 : { »

name : openSUSE-SU-2015:0934 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html (string)

}

12 : { »

name : USN-2603-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2603-1 (string)

}

13 : { »

name : SUSE-SU-2015:0960 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html (string)

}

14 : { »

name : RHSA-2015:1012 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1012.html (string)

}

15 : { »

name : openSUSE-SU-2015:1266 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

16 : { »

name : GLSA-201605-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201605-06 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

assignerShortName : mozilla (string)

cveId : CVE-2015-2713 (string)

datePublished : 2015-05-14T10:00:00 (string)

dateReserved : 2015-03-25T00:00:00 (string)

dateUpdated : 2024-08-06T05:24:38.447Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CF7EA41-388C-43CA-82A3-BBED9947CD49", "versionEndIncluding": "37.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC3823E9-1BAA-4402-95E2-7AF5B793DEBE", "versionEndIncluding": "31.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3E5D043-71F8-4A61-BEA4-176153E26FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "51CBE0A9-1D05-4F88-B5B5-1592D4A4687E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "902BF23B-C1B9-41F2-BF5D-C1722C3DBFFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "60521E93-3495-40F7-AA72-EE531F8FA09D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D7AAC77-57A3-4747-B760-0EE3CD53E4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "matchCriteriaId": "697EA344-F982-4E9F-9EC8-CCCB5829582B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "matchCriteriaId": "61304847-1DC8-442C-8194-28E52B3C1293", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DF9724E-93B2-4BC7-8181-6D9521A6CC37", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAF8682-9B5E-4DE7-AEB0-71D5E4E6E01C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n SetBreaks en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de un documento que contiene un texto manipulado en conjunto con una secuencia de tokens Cascading Style Sheets (CSS) que contiene propiedades relacionadas con el texto vertical."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2015-2713", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-14T10:59:06.240", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3260"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3264"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/74611"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2602-1"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2603-1"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-51.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2602-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2603-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201605-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 336EC5B8-6FD8-42BB-9530-58A15238CEE1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EA04C9F1-6257-4D82-BA0B-37DE66D94736 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 03117DF1-3BEC-4B8D-AD63-DBBDB2126081 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7CF7EA41-388C-43CA-82A3-BBED9947CD49 (string)

versionEndIncluding : 37.0.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FC3823E9-1BAA-4402-95E2-7AF5B793DEBE (string)

versionEndIncluding : 31.5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11F024A-A8B7-405B-8A13-4BF406FBDB22 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D81A3698-797C-4CD9-BB02-A9182E0A6E11 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 84E8D7C7-B578-4623-9EA2-D13965DBE1F3 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C3E5D043-71F8-4A61-BEA4-176153E26FD6 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 51CBE0A9-1D05-4F88-B5B5-1592D4A4687E (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 902BF23B-C1B9-41F2-BF5D-C1722C3DBFFD (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 60521E93-3495-40F7-AA72-EE531F8FA09D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D7AAC77-57A3-4747-B760-0EE3CD53E4DE (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 697EA344-F982-4E9F-9EC8-CCCB5829582B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 61304847-1DC8-442C-8194-28E52B3C1293 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 8DF9724E-93B2-4BC7-8181-6D9521A6CC37 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9DAF8682-9B5E-4DE7-AEB0-71D5E4E6E01C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de uso después de liberación en la función SetBreaks en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de un documento que contiene un texto manipulado en conjunto con una secuencia de tokens Cascading Style Sheets (CSS) que contiene propiedades relacionadas con el texto vertical. (string)

}

]

evaluatorComment : <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> (string)

id : CVE-2015-2713 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-05-14T10:59:06.240 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html (string)

}

1 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html (string)

}

2 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html (string)

}

3 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

4 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html (string)

}

5 : { »

source : security@mozilla.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0988.html (string)

}

6 : { »

source : security@mozilla.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1012.html (string)

}

7 : { »

source : security@mozilla.org (string)

url : http://www.debian.org/security/2015/dsa-3260 (string)

}

8 : { »

source : security@mozilla.org (string)

url : http://www.debian.org/security/2015/dsa-3264 (string)

}

9 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

}

10 : { »

source : security@mozilla.org (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

11 : { »

source : security@mozilla.org (string)

url : http://www.securityfocus.com/bid/74611 (string)

}

12 : { »

source : security@mozilla.org (string)

url : http://www.ubuntu.com/usn/USN-2602-1 (string)

}

13 : { »

source : security@mozilla.org (string)

url : http://www.ubuntu.com/usn/USN-2603-1 (string)

}

14 : { »

source : security@mozilla.org (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 (string)

}

15 : { »

source : security@mozilla.org (string)

url : https://security.gentoo.org/glsa/201605-06 (string)

}

16 : { »

source : security@mozilla.org (string)

url : https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0988.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1012.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2015/dsa-3260 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2015/dsa-3264 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/74611 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2602-1 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2603-1 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1153478 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201605-06 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:0988", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:38.0-4.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-05-12T00:00:00Z"}, {"advisory": "RHSA-2015:1012", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "important", "package": "thunderbird-0:31.7.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-05-18T00:00:00Z"}, {"advisory": "RHSA-2015:0988", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:38.0-4.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-05-12T00:00:00Z"}, {"advisory": "RHSA-2015:1012", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "important", "package": "thunderbird-0:31.7.0-1.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-05-18T00:00:00Z"}, {"advisory": "RHSA-2015:0988", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:38.0-3.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-05-12T00:00:00Z"}, {"advisory": "RHSA-2015:1012", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:31.7.0-1.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-05-18T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)", "id": "1220605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220605"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."], "name": "CVE-2015-2713", "public_date": "2015-05-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-2713\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2713\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-51.html"], "threat_severity": "Critical"}

{

acknowledgement : Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2015:0988 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : firefox-0:38.0-4.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2015-05-12T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:1012 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

impact : important (string)

package : thunderbird-0:31.7.0-1.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2015-05-18T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2015:0988 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : firefox-0:38.0-4.el6_6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-05-12T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2015:1012 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

impact : important (string)

package : thunderbird-0:31.7.0-1.el6_6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-05-18T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2015:0988 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : firefox-0:38.0-3.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-05-12T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2015:1012 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : thunderbird-0:31.7.0-1.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-05-18T00:00:00Z (string)

}

]

bugzilla : { »

description : Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51) (string)

id : 1220605 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1220605 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-416 (string)

details : [ »

0 : Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. (string)

]

name : CVE-2015-2713 (string)

public_date : 2015-05-12T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-2713 https://nvd.nist.gov/vuln/detail/CVE-2015-2713 http://www.mozilla.org/security/announce/2015/mfsa2015-51.html (string)

]

threat_severity : Critical (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object