Search for vulnerabilities
| Vulnerability ID | VCID-z31y-mcqb-6kfn |
| Aliases |
CVE-2015-7177
|
| Summary | Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7177.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2015-7177 | ||
| 1265784 | https://bugzilla.redhat.com/show_bug.cgi?id=1265784 | |
| CVE-2015-7177 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177 | |
| mfsa2015-112 | https://www.mozilla.org/en-US/security/advisories/mfsa2015-112 | |
| RHSA-2015:1834 | https://access.redhat.com/errata/RHSA-2015:1834 | |
| RHSA-2015:1852 | https://access.redhat.com/errata/RHSA-2015:1852 | |
| USN-2743-1 | https://usn.ubuntu.com/2743-1/ | |
| USN-2754-1 | https://usn.ubuntu.com/2754-1/ |
| Percentile | 0.80611 |
| EPSS Score | 0.01543 |
| Published At | Aug. 9, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:52.030603+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-112.md | 37.0.0 |