Unrated severityNVD Advisory· Published May 14, 2015· Updated Jun 17, 2026
CVE-2015-2710
CVE-2015-2710
Description
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=37.0.2
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
- (no CPE)range: <38.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=31.5
- (no CPE)range: <31.7
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
- osv-coords7 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 128.5.1-1.1+ 6 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
- (no CPE)range: < 31.7.0esr-34.1
- (no CPE)range: < 31.7.0esr-34.1
- (no CPE)range: < 31.7.0esr-34.1
- (no CPE)range: < 31.7.0esr-34.1
Patches
Vulnerability mechanics
References
17- www.mozilla.org/security/announce/2015/mfsa2015-48.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-05/msg00036.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0988.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1012.htmlnvd
- www.debian.org/security/2015/dsa-3260nvd
- www.debian.org/security/2015/dsa-3264nvd
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvd
- www.securityfocus.com/bid/74611nvd
- www.ubuntu.com/usn/USN-2602-1nvd
- www.ubuntu.com/usn/USN-2603-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- security.gentoo.org/glsa/201605-06nvd
- www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/nvd
News mentions
0No linked articles in our index yet.