CVE-2015-2730

CWE-310 CWE-34711 documents8 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 54.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Network Security Services Debian Debian Linux Novell Suse Linux Enterprise Desktop +4 more

Timeline

PublishedJul 6

Latest updateMay 17

Description

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages7 packages

▶NVDmozilla/network_security_services3.19

▶Debiannss< 2:3.19.1-1+3

▶NVDoracle/solaris11.3

▶NVDoracle/vm_server3.2

▶NVDnovell/suse_linux_enterprise_server11, 12.0+1

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-85fg-8m94-wc2q: Mozilla Network Security Services (NSS) before 3↗2022-05-17

▶

OSV

nss vulnerabilities↗2015-07-09

▶

CVEList

CVE-2015-2730: Mozilla Network Security Services (NSS) before 3↗2015-07-06

▶

OSV

CVE-2015-2730: Mozilla Network Security Services (NSS) before 3↗2015-07-06

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-07-15

▶

Ubuntu

Firefox vulnerabilities↗2015-07-09

▶

Ubuntu

NSS vulnerabilities↗2015-07-09

▶

Red Hat

NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)↗2015-07-02

▶

Debian

CVE-2015-2730: nss - Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefo...↗2015

▶

💬Community

Bugzilla

CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)↗2015-06-30

▶