[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111604

 
 

909

 
 

87312

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-2730Date: (C)2015-07-08   (M)2018-05-14


Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1032783
BID-75541
BID-83399
DSA-3336
GLSA-201512-10
RHSA-2015:1664
RHSA-2015:1699
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2672-1
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    5
cpe:/o:novell:suse_linux_enterprise_desktop:12.0
cpe:/o:novell:suse_linux_enterprise_server:12.0
cpe:/o:debian:debian_linux:7.0
cpe:/a:mozilla:network_security_services:3.19
...
CWE    1
CWE-310
OVAL    17
oval:org.secpod.oval:def:25598
oval:org.secpod.oval:def:501644
oval:org.secpod.oval:def:25599
oval:org.secpod.oval:def:25633
...

© SecPod Technologies