CVE-2015-0827

Published: 25 February 2015

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (36)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [36.0+build2-0ubuntu0.14.04.4])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (31.5.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:31.5.0+build1-0ubuntu0.14.04.1])