CVE-2015-2716 Information

Description

Buffer overflow in the XML parser in Mozilla Firefox before 38.0 Firefox ESR 31.x before 31.7 and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data a related issue to CVE-2015-1283.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security/2015/dsa-3260 http://www.debian.org/security/2015/dsa-3264 http://www.mozilla.org/security/announce/2015/mfsa2015-54.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/74611 http://www.ubuntu.com/usn/USN-2602-1 http://www.ubuntu.com/usn/USN-2603-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1140537 https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c https://security.gentoo.org/glsa/201605-06 https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/thunderbird31.7 https://www.tenable.com/security/tns-2016-20