Vulnerability details: VCID-dwe4-y9ka-6qby
Vulnerability ID VCID-dwe4-y9ka-6qby
Aliases CVE-2015-2716
Summary Security researcher Ucha Gobejishvili used the Address Sanitizer tool to find a buffer overflow while parsing compressed XML content. This was due to an error in how buffer space is created and modified when handling large amounts of XML data. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (0)
There are no known CWE.
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.90054
EPSS Score 0.05699
Published At Aug. 7, 2025, 12:55 p.m.
Date | Actor | Action | Source | VulnerableCode Version
2025-07-31T08:10:56.778897+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-54.md | 37.0.0