Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla
Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and
other products, does not properly perform Elliptical Curve Cryptography
(ECC) multiplications, which makes it easier for remote attackers to spoof
ECDSA signatures via unspecified vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 39.0+build5-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 39.0+build5-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | firefox | < 39.0+build5-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 39.0+build5-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | nss | < 3.19.2-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | nss | < 2:3.19.2-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | nss | < 2:3.19.2-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | nss | < 2:3.19.2-0ubuntu15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:31.8.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
www.mozilla.org/security/announce/2015/mfsa2015-64.html
bugzilla.mozilla.org/show_bug.cgi?id=1125025
developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
launchpad.net/bugs/cve/CVE-2015-2730
nvd.nist.gov/vuln/detail/CVE-2015-2730
security-tracker.debian.org/tracker/CVE-2015-2730
ubuntu.com/security/notices/USN-2656-1
ubuntu.com/security/notices/USN-2656-2
ubuntu.com/security/notices/USN-2672-1
ubuntu.com/security/notices/USN-2673-1
www.cve.org/CVERecord?id=CVE-2015-2730
www.mozilla.org/en-US/security/advisories/mfsa2015-64/