CVE-2015-2730

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-2730
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1664.html
http://rhn.redhat.com/errata/RHSA-2015-1699.html
http://www.debian.org/security/2015/dsa-3336
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securityfocus.com/bid/83399
http://www.securitytracker.com/id/1032783
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2672-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 Issue Tracking
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes Vendor Advisory
https://security.gentoo.org/glsa/201512-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1664.html
http://rhn.redhat.com/errata/RHSA-2015-1699.html
http://www.debian.org/security/2015/dsa-3336
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securityfocus.com/bid/83399
http://www.securitytracker.com/id/1032783
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2672-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 Issue Tracking
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes Vendor Advisory
https://security.gentoo.org/glsa/201512-10
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
History

21 Nov 2024, 02:27

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html - () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html -
References () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html - () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html -
References () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html - () http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html -
References () http://rhn.redhat.com/errata/RHSA-2015-1664.html - () http://rhn.redhat.com/errata/RHSA-2015-1664.html -
References () http://rhn.redhat.com/errata/RHSA-2015-1699.html - () http://rhn.redhat.com/errata/RHSA-2015-1699.html -
References () http://www.debian.org/security/2015/dsa-3336 - () http://www.debian.org/security/2015/dsa-3336 -
References () http://www.mozilla.org/security/announce/2015/mfsa2015-64.html - Vendor Advisory () http://www.mozilla.org/security/announce/2015/mfsa2015-64.html - Vendor Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Third Party Advisory
References () http://www.securityfocus.com/bid/75541 - () http://www.securityfocus.com/bid/75541 -
References () http://www.securityfocus.com/bid/83399 - () http://www.securityfocus.com/bid/83399 -
References () http://www.securitytracker.com/id/1032783 - () http://www.securitytracker.com/id/1032783 -
References () http://www.ubuntu.com/usn/USN-2656-1 - () http://www.ubuntu.com/usn/USN-2656-1 -
References () http://www.ubuntu.com/usn/USN-2656-2 - () http://www.ubuntu.com/usn/USN-2656-2 -
References () http://www.ubuntu.com/usn/USN-2672-1 - () http://www.ubuntu.com/usn/USN-2672-1 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 - Issue Tracking () https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 - Issue Tracking
References () https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes - Vendor Advisory () https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes - Vendor Advisory
References () https://security.gentoo.org/glsa/201512-10 - () https://security.gentoo.org/glsa/201512-10 -

22 Oct 2024, 13:54

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*

22 Oct 2024, 13:42

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*

21 Oct 2024, 13:55

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*		 cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*

21 Oct 2024, 13:11

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.5.3:*:*:*:*:*:*:*		 cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*
Information

Published : 2015-07-06 02:01

Updated : 2024-11-21 02:27

NVD link : CVE-2015-2730

Mitre link : CVE-2015-2730

CVE.ORG link : CVE-2015-2730

JSON object : View

Products Affected

novell

  • suse_linux_enterprise_desktop
  • suse_linux_enterprise_software_development_kit
  • suse_linux_enterprise_server

mozilla

  • network_security_services
  • firefox
  • firefox_esr

oracle

  • solaris
  • vm_server

debian

  • debian_linux
CWE
CWE-310

Cryptographic Issues