Published: 05/11/2015 Updated: 20/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) prior to 3.19.2.1 and 3.20.x prior to 3.20.1, as used in Firefox prior to 42.0 and Firefox ESR 38.x prior to 38.4 and other products, allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla network security services 3.20.0
mozilla network security services
mozilla firefox esr 38.0.5
mozilla firefox esr 38.1.0
mozilla firefox esr 38.2.1
mozilla firefox esr 38.3.0
mozilla firefox esr 38.1.1
mozilla firefox esr 38.2.0
mozilla firefox esr 38.0
mozilla firefox esr 38.0.1

NSPR could be made to crash or run programs if it received specially crafted input ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service For the oldstable distribution (wheezy), these proble ...

It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code For the oldstable distribution (wheezy), this problem has been fixed in version 2:492-1+deb7u3 For the stable distribution (jessie), this problem has been fixed in version 2:4107-1+de ...

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS par ...

Mozilla Foundation Security Advisory 2015-133 NSS and NSPR memory corruption issues Announced November 3, 2015 Reporter Tyson Smith, David Keeler, Ryan Sleevi Impact Critical Products Firefox, Firefox ESR, Thunderbird ...

A heap-based buffer overflow was found in NSPR An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library ...

Firefox 42 ... answer to the ultimate question of life, security bugs and fully private browsing?

The Register • Shaun Nichols in San Francisco • 04 Nov 2015

SSL/TLS library flaws found, anti-analytics missiles deployed

Mozilla has released Firefox 42 and Firefox ESR 38 38.4, which include fixes for worrying security vulnerabilities in the web browser. The November 3 update squashes at least three bugs that can be potentially exploited to achieve remote code execution. Two Mozilla engineers, Tyson Smith and David Keeler, uncovered two flaws (CVE-2015-7181 and CVE-2015-7182) in NSS, a toolkit used by Firefox to encrypt web traffic over SSL/TLS. By exploiting "a use-after-poison and buffer overflow in the ASN.1 d...

CWE-119 CWE-189 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes http://www.mozilla.org/security/announce/2015/mfsa2015-133.html https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes https://bugzilla.mozilla.org/show_bug.cgi?id=1205157 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77415 https://security.gentoo.org/glsa/201605-06 https://bto.bluecoat.com/security-advisory/sa119 http://rhn.redhat.com/errata/RHSA-2015-1980.html http://www.debian.org/security/2015/dsa-3393 http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http://www.ubuntu.com/usn/USN-2785-1 http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html http://rhn.redhat.com/errata/RHSA-2015-1981.html http://www.securitytracker.com/id/1034069 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://www.ubuntu.com/usn/USN-2790-1 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://www.ubuntu.com/usn/USN-2819-1 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753 http://www.debian.org/security/2015/dsa-3406 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://nvd.nist.gov https://usn.ubuntu.com/2790-1/https://access.redhat.com/security/cve/cve-2015-7183

CVE-2015-7183

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect