Your submission was sent successfully! Close

CVE-2015-0827

Published: 25 February 2015

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end of life)
precise
Released (36.0+build2-0ubuntu0.12.04.5)
trusty Does not exist
(trusty was released [36.0+build2-0ubuntu0.14.04.4])
upstream
Released (36)
utopic
Released (36.0+build2-0ubuntu0.14.10.4)
thunderbird
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (1:31.5.0+build1-0ubuntu0.12.04.1)
trusty Does not exist
(trusty was released [1:31.5.0+build1-0ubuntu0.14.04.1])
upstream
Released (31.5.0)
utopic
Released (1:31.5.0+build1-0ubuntu0.14.10.1)