[Forgot Password]
Login  Register Subscribe

24003

 
 

131425

 
 

104705

 
 

909

 
 

84119

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-2730Date: (C)2015-07-08   (M)2018-04-15


Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 4.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: PARTIAL
Confidentiality: Availability: NONE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1032783
BID-75541
BID-83399
DSA-3336
GLSA-201512-10
RHSA-2015:1664
RHSA-2015:1699
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2672-1
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    5
cpe:/a:mozilla:network_security_services:3.19
cpe:/o:novell:suse_linux_enterprise_desktop:12.0
cpe:/o:novell:suse_linux_enterprise_server:12.0
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-310
OVAL    17
oval:org.secpod.oval:def:25633
oval:org.secpod.oval:def:25634
oval:org.secpod.oval:def:203724
oval:org.secpod.oval:def:1501161
...

© 2013 SecPod Technologies