[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-2730

Date: (C)2015-07-08   (M)2017-10-12
 
CVSS Score: 4.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE











Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

Reference:
SECTRACK-1032783
BID-75541
BID-83399
DSA-3336
GLSA-201512-10
RHSA-2015:1664
RHSA-2015:1699
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2672-1
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    5
cpe:/a:mozilla:network_security_services:3.19
cpe:/o:novell:suse_linux_enterprise_desktop:12.0
cpe:/o:novell:suse_linux_enterprise_server:12.0
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-310
OVAL    17
oval:org.secpod.oval:def:25598
oval:org.secpod.oval:def:501644
oval:org.secpod.oval:def:25599
oval:org.secpod.oval:def:25633
...

© 2013 SecPod Technologies