The CryptoKey interface implementation in Mozilla Firefox prior to 42.0 and Firefox ESR 38.x prior to 38.4 lacks status checking, which allows malicious users to have an unspecified impact via vectors related to a cryptographic key.
Vulnerable Product |
---|
mozilla firefox |
mozilla firefox esr 38.0.1 |
mozilla firefox esr 38.0.5 |
mozilla firefox esr 38.2.0 |
mozilla firefox esr 38.2.1 |
mozilla firefox esr 38.0 |
mozilla firefox esr 38.3.0 |
mozilla firefox esr 38.1.0 |
mozilla firefox esr 38.1.1 |

SSL/TLS library flaws found, anti-analytics missiles deployed
Mozilla has released Firefox 42 and Firefox ESR 38 38.4, which include fixes for worrying security vulnerabilities in the web browser. The November 3 update squashes at least three bugs that can be potentially exploited to achieve remote code execution. Two Mozilla engineers, Tyson Smith and David Keeler, uncovered two flaws (CVE-2015-7181 and CVE-2015-7182) in NSS, a toolkit used by Firefox to encrypt web traffic over SSL/TLS. By exploiting "a use-after-poison and buffer overflow in the ASN.1 d...