CVE-2015-7200 — Mozilla Firefox vulnerability

CWE-179 documents6 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedNov 5

Latest updateMay 17

Description

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Ubuntumozilla/firefox< 42.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox41.0.2+8

▶Ubuntumozilla/thunderbird< 1:38.4.0+build3-0ubuntu0.14.04.1

🔴Vulnerability Details

GHSA

GHSA-mhm4-c785-rp95: The CryptoKey interface implementation in Mozilla Firefox before 42↗2022-05-17

▶

OSV

thunderbird vulnerabilities↗2015-12-01

▶

OSV

firefox vulnerabilities↗2015-11-04

▶

OSV

CVE-2015-7200: The CryptoKey interface implementation in Mozilla Firefox before 42↗2015-11-04

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-12-01

▶

Ubuntu

Firefox vulnerabilities↗2015-11-04

▶

Red Hat

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)↗2015-11-04

▶

💬Community

Bugzilla

CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)↗2015-11-03

▶