CVE-2015-2730

Severity

43%

Complexity

86%

Confidentiality

48%

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 9 years ago

2015-07-06 02:01:00

Last updated 8 years ago

2016-12-28 02:59:00

Affected Software

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Novell SUSE Linux Enterprise Desktop 12.0

12.0

Novell SUSE Linux Enterprise Server 12.0

12.0

Oracle Solaris 11.3

11.3

References

openSUSE-SU-2015:1229

openSUSE-SU-2015:1266

SUSE-SU-2015:1268

Third Party Advisory

SUSE-SU-2015:1269

Third Party Advisory

SUSE-SU-2015:1449

RHSA-2015:1664

RHSA-2015:1699

DSA-3336

http://www.mozilla.org/security/announce/2015/mfsa2015-64.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Third Party Advisory

75541

83399

1032783

USN-2656-1

USN-2656-2

USN-2672-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1125025

Issue Tracking

https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

Vendor Advisory

GLSA-201512-10

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.