Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-k1fr-d61m-b7fq
Vulnerability ID VCID-k1fr-d61m-b7fq
Aliases CVE-2015-7208
Summary Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2015-7208
cvssv2 2.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-7208
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2015-137
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2016-04
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7208.json
https://api.first.org/data/v1/epss?cve=CVE-2015-7208
https://bugzilla.mozilla.org/show_bug.cgi?id=1191423
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
http://www.mozilla.org/security/announce/2015/mfsa2015-137.html
http://www.mozilla.org/security/announce/2016/mfsa2016-04.html
http://www.securityfocus.com/bid/79280
http://www.securitytracker.com/id/1034426
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2833-1
1291583 https://bugzilla.redhat.com/show_bug.cgi?id=1291583
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVE-2015-7208 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208
CVE-2015-7208 https://nvd.nist.gov/vuln/detail/CVE-2015-7208
GLSA-201512-10 https://security.gentoo.org/glsa/201512-10
mfsa2015-137 https://www.mozilla.org/en-US/security/advisories/mfsa2015-137
mfsa2016-04 https://www.mozilla.org/en-US/security/advisories/mfsa2016-04
USN-2833-1 https://usn.ubuntu.com/2833-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-7208
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.69892
EPSS Score 0.00618
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:39.977614+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201512-10 38.0.0