Published: 06/07/2015 Updated: 12/09/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Suse Linux Enterprise Server

Mozilla Network Security Services (NSS) prior to 3.19.1, as used in Mozilla Firefox prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote malicious users to spoof ECDSA signatures via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell suse linux enterprise server 12.0
novell suse linux enterprise server 11
debian debian linux 8.0
debian debian linux 7.0
novell suse linux enterprise desktop 12.0
novell suse linux enterprise software development kit 12.0
mozilla network_security_services
oracle solaris 11.3
oracle vm server 3.2

Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2721 Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machine A man-in-the-middle attacker coul ...

Several security issues were fixed in NSS ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks ...

Mozilla Foundation Security Advisory 2015-64 ECDSA signature validation fails to handle some signatures correctly Announced July 2, 2015 Reporter Watson Ladd Impact Moderate Products Firefox, Firefox ESR, Firefox OS, SeaMonk ...

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks ...

script to manage ca-certificates.

Updating the CA trust list in RHEL Author: Kai Engert Date: August/September/October 2018 Updating the CA trust list in RHEL Introduction Distribution mechanics Related background information Script certdata-upstream-to-certdata-rhelpy RHEL 5 App A Script doitsh App B Script sort-bundlepy App C 2019 Update with new scripts Introduction In RHEL we ship Mozill

CWE-310 https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 http://www.mozilla.org/security/announce/2015/mfsa2015-64.html https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes http://www.debian.org/security/2015/dsa-3336 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/83399 http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 http://rhn.redhat.com/errata/RHSA-2015-1699.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2672-1 http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2656-1 http://www.securitytracker.com/id/1032783 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3336 https://github.com/rjrelyea/ca-certificate-scripts https://access.redhat.com/security/cve/cve-2015-2730 https://usn.ubuntu.com/2672-1/

CVE-2015-2730

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect