[Forgot Password]
Login  Register Subscribe

23631

 
 

126995

 
 

100182

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-2730

Date: (C)2015-07-08   (M)2018-01-09 


Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
SECTRACK-1032783
BID-75541
BID-83399
DSA-3336
GLSA-201512-10
RHSA-2015:1664
RHSA-2015:1699
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2672-1
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    5
cpe:/o:novell:suse_linux_enterprise_server:12.0
cpe:/o:novell:suse_linux_enterprise_desktop:12.0
cpe:/a:mozilla:network_security_services:3.19
cpe:/o:debian:debian_linux:7.0
...
CWE    1
CWE-310
OVAL    17
oval:org.secpod.oval:def:501644
oval:org.secpod.oval:def:25633
oval:org.secpod.oval:def:25634
oval:org.secpod.oval:def:203724
...

© 2013 SecPod Technologies