Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2015-2710: Buffer overflow with SVG content and CSS

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

CVE
Open in Source
#buffer_overflow#ssh#firefox

Mozilla Foundation Security Advisory 2015-48

Announced

May 12, 2015

Reporter

Atte Kettunen

Impact

Critical

Products

Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird

Fixed in

  • Firefox 38
  • Firefox ESR 31.7
  • Firefox OS 2.2
  • SeaMonkey 2.35
  • Thunderbird 31.7
  • Thunderbird 38.0.1

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References

  • Heap-buffer-overflow in SVGTextFrame (CVE-2015-2710)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE