CVE-2015-2734 - OpenCVE

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Solaris
Suse	Linux Enterprise Software Development Kit Linux Enterprise Desktop Linux Enterprise Server Suse Linux Enterprise Server
Mozilla	Firefox Esr Thunderbird Firefox
Canonical	Ubuntu Linux
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.6.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.7.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 5 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://rhn.redhat.com/errata/RHSA-2015-1455.html
http://www.debian.org/security/2015/dsa-3300
http://www.debian.org/security/2015/dsa-3324	Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1166082	Issue Tracking
https://security.gentoo.org/glsa/201512-10