[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-7183Date: (C)2015-12-15   (M)2024-03-27


Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1034069
BID-77415
BID-91787
DSA-3393
DSA-3406
GLSA-201512-10
GLSA-201605-06
RHSA-2015:1980
RHSA-2015:1981
SSA:2015-310-02
SUSE-SU-2015:1926
SUSE-SU-2015:1978
SUSE-SU-2015:1981
SUSE-SU-2015:2081
USN-2785-1
USN-2790-1
USN-2819-1
http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bto.bluecoat.com/security-advisory/sa119
https://bugzilla.mozilla.org/show_bug.cgi?id=1205157
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
openSUSE-SU-2015:1942
openSUSE-SU-2015:2229
openSUSE-SU-2015:2245

CPE    11
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:network_security_services:3.20.0
cpe:/a:mozilla:firefox_esr:38.1.1
cpe:/a:mozilla:firefox_esr:38.2.0
...
CWE    1
CWE-119
OVAL    28
oval:org.secpod.oval:def:203762
oval:org.secpod.oval:def:31624
oval:org.secpod.oval:def:203761
oval:org.secpod.oval:def:31625
...

© SecPod Technologies