Firefox vulnerability

2016-01-0800:00:00

ubuntu.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.8%

JSON

Releases

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 ESM
Ubuntu 12.04

Packages

firefox - Mozilla Open Source web browser

Details

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly
allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were
able to perform a machine-in-the-middle attack, this flaw could be exploited to
view sensitive information.

OSVersionArchitecturePackageVersionFilename
Ubuntu15.10noarchfirefox< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-dbg< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-dbgsym< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-dev< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-globalmenu< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-locale-af< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-locale-an< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-locale-ar< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-locale-as< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN
Ubuntu15.10noarchfirefox-locale-ast< 43.0.4+build3-0ubuntu0.15.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	15.10	noarch	firefox	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-dbg	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-dbgsym	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-dev	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-globalmenu	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-locale-af	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-locale-an	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-locale-ar	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-locale-as	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN
Ubuntu	15.10	noarch	firefox-locale-ast	< 43.0.4+build3-0ubuntu0.15.10.1	UNKNOWN