[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-2730Date: (C)2015-07-08   (M)2024-03-27


Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1032783
BID-75541
BID-83399
DSA-3336
GLSA-201512-10
RHSA-2015:1664
RHSA-2015:1699
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1449
USN-2656-1
USN-2656-2
USN-2672-1
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266

CPE    5
cpe:/a:mozilla:network_security_services:3.19
cpe:/o:novell:suse_linux_enterprise_desktop:12.0
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-310
OVAL    20
oval:org.secpod.oval:def:25598
oval:org.secpod.oval:def:501644
oval:org.secpod.oval:def:25599
oval:org.secpod.oval:def:203724
...

© SecPod Technologies