Lucene search
HistoryFeb 25, 2015 - 11:59 a.m.
CVE-2015-0834
firefox
webrtc
cve-2015-0834
security
tls
man-in-the-middle
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.2%
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.
Affected configurations
Node
canonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch14.10
Node
opensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
mozillafirefoxRange≤35.0.1
ORmozillafirefoxMatch0.1
ORmozillafirefoxMatch0.2
ORmozillafirefoxMatch0.3
ORmozillafirefoxMatch0.4
ORmozillafirefoxMatch0.5
ORmozillafirefoxMatch0.6
ORmozillafirefoxMatch0.6.1
ORmozillafirefoxMatch0.7
ORmozillafirefoxMatch0.7.1
ORmozillafirefoxMatch0.8
ORmozillafirefoxMatch0.9
ORmozillafirefoxMatch0.9rc
ORmozillafirefoxMatch0.9.1
ORmozillafirefoxMatch0.9.2
ORmozillafirefoxMatch0.9.3
ORmozillafirefoxMatch0.10
ORmozillafirefoxMatch0.10.1
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.4.1
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch1.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.0.18
ORmozillafirefoxMatch3.0.19
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.5.8
ORmozillafirefoxMatch3.5.9
ORmozillafirefoxMatch3.5.10
ORmozillafirefoxMatch3.5.11
ORmozillafirefoxMatch3.5.12
ORmozillafirefoxMatch3.5.13
ORmozillafirefoxMatch3.5.14
ORmozillafirefoxMatch3.5.15
ORmozillafirefoxMatch3.5.16
ORmozillafirefoxMatch3.5.17
ORmozillafirefoxMatch3.5.18
ORmozillafirefoxMatch3.5.19
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
ORmozillafirefoxMatch3.6.19
ORmozillafirefoxMatch3.6.20
ORmozillafirefoxMatch3.6.21
ORmozillafirefoxMatch3.6.22
ORmozillafirefoxMatch3.6.23
ORmozillafirefoxMatch3.6.24
ORmozillafirefoxMatch3.6.25
ORmozillafirefoxMatch3.6.26
ORmozillafirefoxMatch3.6.27
ORmozillafirefoxMatch3.6.28
ORmozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
ORmozillafirefoxMatch5.0.1
ORmozillafirefoxMatch6.0
ORmozillafirefoxMatch6.0.1
ORmozillafirefoxMatch6.0.2
ORmozillafirefoxMatch7.0
ORmozillafirefoxMatch7.0.1
ORmozillafirefoxMatch8.0
ORmozillafirefoxMatch8.0.1
ORmozillafirefoxMatch9.0
ORmozillafirefoxMatch9.0.1
ORmozillafirefoxMatch10.0
ORmozillafirefoxMatch10.0.1
ORmozillafirefoxMatch10.0.2
ORmozillafirefoxMatch10.0.3
ORmozillafirefoxMatch10.0.4
ORmozillafirefoxMatch10.0.5
ORmozillafirefoxMatch10.0.6
ORmozillafirefoxMatch10.0.7
ORmozillafirefoxMatch10.0.8
ORmozillafirefoxMatch10.0.9
ORmozillafirefoxMatch10.0.10
ORmozillafirefoxMatch10.0.11
ORmozillafirefoxMatch10.0.12
ORmozillafirefoxMatch11.0
ORmozillafirefoxMatch12.0
ORmozillafirefoxMatch12.0beta6
ORmozillafirefoxMatch13.0
ORmozillafirefoxMatch13.0.1
ORmozillafirefoxMatch14.0
ORmozillafirefoxMatch14.0.1
ORmozillafirefoxMatch15.0
ORmozillafirefoxMatch15.0.1
ORmozillafirefoxMatch16.0
ORmozillafirefoxMatch16.0.1
ORmozillafirefoxMatch16.0.2
ORmozillafirefoxMatch17.0
ORmozillafirefoxMatch17.0.1
ORmozillafirefoxMatch17.0.2
ORmozillafirefoxMatch17.0.3
ORmozillafirefoxMatch17.0.4
ORmozillafirefoxMatch17.0.5
ORmozillafirefoxMatch17.0.6
ORmozillafirefoxMatch17.0.7
ORmozillafirefoxMatch17.0.8
ORmozillafirefoxMatch17.0.9
ORmozillafirefoxMatch17.0.10
ORmozillafirefoxMatch17.0.11
ORmozillafirefoxMatch18.0
ORmozillafirefoxMatch18.0.1
ORmozillafirefoxMatch18.0.2
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
ORmozillafirefoxMatch22.0
ORmozillafirefoxMatch23.0
ORmozillafirefoxMatch23.0.1
ORmozillafirefoxMatch24.0
ORmozillafirefoxMatch24.1
ORmozillafirefoxMatch24.1.1
ORmozillafirefoxMatch25.0
ORmozillafirefoxMatch25.0.1
ORmozillafirefoxMatch26.0
ORmozillafirefoxMatch27.0
ORmozillafirefoxMatch27.0.1
ORmozillafirefoxMatch28.0
ORmozillafirefoxMatch29.0
ORmozillafirefoxMatch29.0.1
ORmozillafirefoxMatch30.0
ORmozillafirefoxMatch31.0
ORmozillafirefoxMatch31.1.0
ORmozillafirefoxMatch32.0
ORmozillafirefoxMatch33.0
ORmozillafirefoxMatch34.0.5
References
lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
www.mozilla.org/security/announce/2015/mfsa2015-15.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/72743
www.securitytracker.com/id/1031791
www.ubuntu.com/usn/USN-2505-1
bugzilla.mozilla.org/show_bug.cgi?id=1098314
security.gentoo.org/glsa/201504-01
Related
ubuntucve
ubuntucve
CVE-2015-0834
2015-02-25 00:00:00
cvelist
cvelist
CVE-2015-0834
2015-02-25 11:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox WebRTC Man-in-the-Middle Attack (CVE-2015-0834)
2015-03-18 00:00:00
prion
prion
Code injection
2015-02-25 11:59:00
nvd
nvd
CVE-2015-0834
2015-02-25 11:59:14
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-15) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2505-1)
2015-02-26 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Mar 2015) - Mac OS X
2015-03-03 00:00:00
mozilla
mozilla
ubuntu
ubuntu
Firefox vulnerabilities
2015-02-25 00:00:00
Firefox regression
2015-03-09 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-02-25 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Firefox regression (USN-2505-2)
2015-03-10 00:00:00
Firefox < 36.0 Multiple Vulnerabilities (Mac OS X)
2015-02-25 00:00:00
Mozilla Firefox ESR < 31.5 Multiple Vulnerabilities
2019-11-06 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-02-24 00:00:00
kaspersky
kaspersky
KLA10464 Multiple vulnerabilities in Mozilla products
2015-02-24 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-03-01 11:04:54
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-03-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.2%
Related for CVE-2015-0834