CVE-2015-2730

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-2730
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 Issue Tracking
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html Vendor Advisory
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes Vendor Advisory
http://www.debian.org/security/2015/dsa-3336
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory
http://www.securityfocus.com/bid/83399
http://www.securityfocus.com/bid/75541
https://security.gentoo.org/glsa/201512-10
http://rhn.redhat.com/errata/RHSA-2015-1699.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1664.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://www.ubuntu.com/usn/USN-2672-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2656-1
http://www.securitytracker.com/id/1032783
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
OR cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
Information

Published : 2015-07-05 19:01

Updated : 2016-12-27 18:59

NVD link : CVE-2015-2730

Mitre link : CVE-2015-2730

JSON object : View

CWE
CWE-310

Cryptographic Issues

Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox_esr
  • firefox
  • network_security_services

novell

  • suse_linux_enterprise_server
  • suse_linux_enterprise_desktop
  • suse_linux_enterprise_software_development_kit

debian

  • debian_linux

oracle

  • vm_server
  • solaris