[email protected]NVD:CVE-2015-2730

HistoryJul 06, 2015 - 2:01 a.m.

CVE-2015-2730

2015-07-0602:01:01

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

Affected configurations

NVD

Node

novellsuse_linux_enterprise_software_development_kitMatch12.0

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_serverMatch11sp4

novellsuse_linux_enterprise_serverMatch12.0

Node

mozillanetwork_security_servicesRange≤3.19

AND

mozillafirefoxRange≤38.1.0

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1

mozillafirefox_esrMatch31.1.0

mozillafirefox_esrMatch31.1.1

mozillafirefox_esrMatch31.2

mozillafirefox_esrMatch31.3

mozillafirefox_esrMatch31.3.0

mozillafirefox_esrMatch31.4

mozillafirefox_esrMatch31.5

mozillafirefox_esrMatch31.5.1

mozillafirefox_esrMatch31.5.2

mozillafirefox_esrMatch31.5.3

mozillafirefox_esrMatch31.6.0

mozillafirefox_esrMatch31.7.0

mozillafirefox_esrMatch38.0

Node

oraclesolarisMatch11.3

oraclevm_serverMatch3.2

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1664.html

rhn.redhat.com/errata/RHSA-2015-1699.html

www.debian.org/security/2015/dsa-3336

www.mozilla.org/security/announce/2015/mfsa2015-64.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/75541

www.securityfocus.com/bid/83399

www.securitytracker.com/id/1032783

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2672-1

bugzilla.mozilla.org/show_bug.cgi?id=1125025

developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

security.gentoo.org/glsa/201512-10

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for NVD:CVE-2015-2730

f52 ibm9 redhat2 nessus31 mozilla1 openvas28 ubuntucve1 debiancve1 cve1 centos2 amazon1 veracode1 cvelist1 prion1 oraclelinux3 debian3 osv2 ubuntu3 mageia1 suse6 kaspersky1 securityvulns1 freebsd1 gentoo1