ID CVE-2015-2730
Summary Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4
    cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4
  • Novell SUSE Linux Enterprise Desktop 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  • Novell SUSE Linux Enterprise Server 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
  • Mozilla Network Security Services (NSS) 3.19
    cpe:2.3:a:mozilla:network_security_services:3.19
  • Mozilla Firefox Extended Support Release (ESR) 31.0
    cpe:2.3:a:mozilla:firefox_esr:31.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1
    cpe:2.3:a:mozilla:firefox_esr:31.1
  • Mozilla Firefox Extended Support Release (ESR) 31.1.0
    cpe:2.3:a:mozilla:firefox_esr:31.1.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1.1
    cpe:2.3:a:mozilla:firefox_esr:31.1.1
  • Mozilla Firefox Extended Support Release (ESR) 31.2
    cpe:2.3:a:mozilla:firefox_esr:31.2
  • Mozilla Firefox Extended Support Release (ESR) 31.3
    cpe:2.3:a:mozilla:firefox_esr:31.3
  • Mozilla Firefox Extended Support Release (ESR) 31.3.0
    cpe:2.3:a:mozilla:firefox_esr:31.3.0
  • Mozilla Firefox Extended Support Release (ESR) 31.4
    cpe:2.3:a:mozilla:firefox_esr:31.4
  • Mozilla Firefox Extended Support Release (ESR) 31.5
    cpe:2.3:a:mozilla:firefox_esr:31.5
  • Mozilla Firefox Extended Support Release (ESR) 31.5.1
    cpe:2.3:a:mozilla:firefox_esr:31.5.1
  • Mozilla Firefox Extended Support Release (ESR) 31.5.2
    cpe:2.3:a:mozilla:firefox_esr:31.5.2
  • Mozilla Firefox Extended Support Release (ESR) 31.5.3
    cpe:2.3:a:mozilla:firefox_esr:31.5.3
  • cpe:2.3:a:mozilla:firefox_esr:31.6.0
    cpe:2.3:a:mozilla:firefox_esr:31.6.0
  • cpe:2.3:a:mozilla:firefox_esr:31.7.0
    cpe:2.3:a:mozilla:firefox_esr:31.7.0
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox 38.1.0
    cpe:2.3:a:mozilla:firefox:38.1.0
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • cpe:2.3:o:oracle:vm_server:3.2
    cpe:2.3:o:oracle:vm_server:3.2
CVSS
Base: 4.3 (as of 19-10-2016 - 14:11)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix SSL_DH_MIN_P_BITS in more places. - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. - Run SSL tests - Add compatility patches to prevent regressions - Ensure all ssl.sh tests are executed - Rebase to nss 3.21 - Resolves: Bug 1297944 - Rebase RHEL 5.11.z to NSS 3.21 in preparation for Firefox 45 - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 - Resolves: Bug 1269354 - CVE-2015-7182 (CVE-2015-7181) - Rebase nss to 3.19.1 - Pick up upstream fix for client auth. regression caused by 3.19.1 - Revert upstream change to minimum key sizes - Remove patches that rendered obsolote by the rebase - Update existing patches on account of the rebase - Pick up upstream patch from nss-3.19.1 - Resolves: Bug 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64) - Resolves: Bug 1236967 - CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71) - On RHEL 6.x keep the TLS version defaults unchanged. - Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1) - Copy PayPalICA.cert and PayPalRootCA.cert to nss/tests/libpkix/certs - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Update and reeneable nss-646045.patch on account of the rebase - Enable additional ssl test cycles and document why some aren't enabled - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Resolves: Bug 1158159 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Adjust softokn patch to be compatible with legacy softokn API. - Resolves: Bug 1145430 - (CVE-2014-1568) - Add patches published with NSS 3.16.2.1 - Resolves: Bug 1145430 - (CVE-2014-1568) - Backport nss-3.12.6 upstream fix required by Firefox 31 ESR - Resolves: Bug 1110860 - Rebase to nss-3.16.1 for FF31 - Resolves: Bug 1110860 - Rebase nss in RHEL 5.11 to NSS 3.16.1, required for FF 31 - Remove unused and obsolete patches - Related: Bug 1032468 - Improve shell code for error detection on %check section - Resolves: Bug 1035281 - Suboptimal shell code in nss.spec - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042684 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Pick up corrections made in the rhel-10.Z branch, remove an unused patch - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Remove unused patch and retag for update to nss-3.15.3 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Update to nss-3.15.3 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Remove unused patches - Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Rebase to nss-3.15.1 - Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Resolves: rhbz#1015864 - [Regression] NSS no longer trusts MD5 certificates - Split %check section tests in two: freebl/softoken and rest of nss tests - Adjust various patches and spec file steps on account of the rebase - Add various patches and remove obsoleted ones on account of the rebase - Renumber patches so freeb/softoken ones match the corresponding ones in rhel-6 nss-softokn - Make the freebl sources identical to the corresponding ones for rhel-6.5 - Related: rhbz#987131 - Adjust the patches to complete the syncup with upstrean nss - Use NSS_DISABLE_HW_GCM on the patch as we do on the spec file - Ensure softoken/freebl code is the same on nss side as on the softoken side - Related: rhbz#987131 - Add disable_hw_gcm.patch and in the spec file export NSS_DISABLE_HW_GCM=1 - Disable HW GCM on RHEL-5 as the older kernel lacks support for it - Related: rhbz#987131 - Related: rhbz#987131 - Display cpuifo as part of the tests - Resolves: rhbz#987131 - Pick up various upstream GCM code fixes applied since nss-3.14.3 was released - Roll back to 79c87e69caa7454cbcf5f8161a628c538ff3cab3 - Peviously added patch hasn't solved the sporadic core dumps - Related: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Resolves: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Add patch to get rid of sporadic blapitest core dumps - Restore 'export NO_FORK_CHECK=1' required for binary compatibility on RHEL-5 - Remove an unused patch - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 - Resolves: rhbz#807419 - nss-tools certutil -H does not list all options - Apply upstream fixes for ecc enabling and aes gcm - Rename two macros EC_MIN_KEY_BITS and EC_MAX_KEY_BITS per upstream - Apply several upstream AES GCM fixes - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Resolves: rhbz#918948 - [RFE][RHEL5] - Enable ECC support limited to suite b - Export NSS_ENABLE_ECC=1 in the %check section to properly test ecc - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove obsolete nss-nochktest.patch - Related: rhbz#960241 - Enable ECC in nss and freebl - Enable ECC by using the unstripped sources - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Fix rpmdiff test reported failures and remove other unwanted changes - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 22 2013 Elio Maldonado - 3.14.3-3 - Update to NSS_3_14_3_RTM - Rework the rebase to preserve needed idiosynchracies - Ensure we install frebl/softoken from the extra build tree - Don't include freebl static library or its private headers - Add patch to deal with system sqlite not being recent enough - Don't install nss-sysinit nor sharedb - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 01 2013 Elio Maldonado - 3.14.3-2 - Restore the freebl-softoken source tar ball updated to 3.14.3 - Renumbering of some sources for clarity - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update to NSS_3_14_3_RTM - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Resolves: rhbz#891150 - Dis-trust TURKTRUST mis-issued *.google.com certificate - Update to NSS_3_13_6_RTM - Resolves: rhbz#883788 - [RFE] [RHEL5] Rebase to NSS >= 3.13.6 - Resolves: rhbz#820684 - Fix last entry in attrFlagsArray to be [NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE] - Resolves: rhbz#820684 - Enable certutil handle user supplied flags for PKCS #11 attributes. - This will enable certutil to generate keys in fussy hardware tokens. - fix an error in the patch meta-information area (no code change) - Related: rhbz#830304 - Fix ia64 / i386 multilib nss install failure - Remove no longer needed %pre and %preun scriplets meant for nss updates from RHEL-5.0 - Related: rhbz#830304 - Fix the changes to the %post line - Having multiple commands requires that /sbin/lconfig be the beginning of the scriptlet - Resolves: rhbz#830304 - Fix multilib and scriptlet problems - Fix %post and %postun lines per packaging guildelines - Add %[?_isa] to tools Requires: per packaging guidelines - Fix explicit-lib-dependency zlib error reported by rpmlint - Resolves: rhbz#830304 - Remove unwanted change to nss.pc.in - Update to NSS_3_13_5_RTM - Resolves: rhbz#830304 - Update RHEL 5.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6 - Resolves: rhbz#797939 - Protect NSS_Shutdown from clients that fail to initialize nss - Resolves: Bug 788039 - retagging to prevent update problems - Resolves: Bug 788039 - rebase nss to make firefox 10 LTS rebase possible - Update to 4.8.9 - Resolves: Bug 713373 - File descriptor leak after service httpd reload - Don't initialize nss if already initialized or if there are no dbs - Retagging for a Y-stream version higher than the RHEL-5-7-Z branch - Retagging to keep the n-v-r as high as that for the RHEL-5-7-Z branch - Update builtins certs to those from NSSCKBI_1_88_RTM - Plug file descriptor leaks on httpd reloads - Update builtins certs to those from NSSCKBI_1_87_RTM - Update builtins certs to those from NSSCKBI_1_86_RTM - Update builtins certs to NSSCKBI_1_85_RTM - Update to 3.12.10 - Fix libcrmf hard-coded maximum size for wrapped private keys - Update builtin certs to NSS_3.12.9_WITH_CKBI_1_82_RTM via a patch - Update builtin certs to those from NSS_3.12.9_WITH_CKBI_1_82_RTM - Update to 3.12.8
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91747
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91747
    title OracleVM 3.2 : nss (OVMSA-2016-0066)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0118.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Pick up upstream freebl patch for (CVE-2015-2730) - Check for P == Q or P ==-Q before adding P and Q
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 85733
    published 2015-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85733
    title OracleVM 3.3 : nss-softokn (OVMSA-2015-0118)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_44D9DAEE940C417986BB6E3FFD617869.NASL
    description The Mozilla Project reports : MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs MFSA 2015-61 Type confusion in Indexed Database Manager MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest MFSA 2015-66 Vulnerabilities found through code inspection MFSA 2015-67 Key pinning is ignored when overridable errors are encountered MFSA 2015-68 OS X crash reports may contain entered key press information MFSA 2015-69 Privilege escalation through internal workers MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 84780
    published 2015-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84780
    title FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1449-1.NASL
    description Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers The following vulnerabilities were fixed in ESR31 and are also included here : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Mozilla Firefox and mozilla-nss were updated to fix 17 security issues. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85721
    published 2015-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85721
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-596.NASL
    description A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 86074
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86074
    title Amazon Linux AMI : nss-softokn (ALAS-2015-596)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1699.NASL
    description Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Watson Ladd as the original reporter of this issue. All nss-softokn users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85969
    published 2015-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85969
    title RHEL 6 / 7 : nss-softokn (RHSA-2015:1699)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL
    description A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85759
    published 2015-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85759
    title Scientific Linux Security Update : nss-softokn on SL6.x, SL7.x i386/x86_64
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15955144.NASL
    description Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. (CVE-2015-2730)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 97671
    published 2017-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97671
    title F5 Networks BIG-IP : Mozilla NSS vulnerability (K15955144)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1664.NASL
    description From Red Hat Security Advisory 2015:1664 : Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721) A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan as the original reporter of CVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730. The nss packages have been upgraded to upstream version 3.19.1, which provides a number of bug fixes and enhancements over the previous version. All nss users are advised to upgrade to these updated packages, which correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85611
    published 2015-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85611
    title Oracle Linux 5 : nss (ELSA-2015-1664)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150824_NSS_ON_SL5_X.NASL
    description It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward- secrecy of a TLS/SSL connection. (CVE-2015-2721) A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) The nss packages have been upgraded to upstream version 3.19.1, which provides a number of bug fixes and enhancements over the previous version.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85623
    published 2015-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85623
    title Scientific Linux Security Update : nss on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1664.NASL
    description Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721) A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan as the original reporter of CVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730. The nss packages have been upgraded to upstream version 3.19.1, which provides a number of bug fixes and enhancements over the previous version. All nss users are advised to upgrade to these updated packages, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85634
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85634
    title CentOS 5 : nss (CESA-2015:1664)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2672-1.NASL
    description Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) As a security improvement, this update modifies NSS behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. This update also refreshes the NSS package to version 3.19.2 which includes the latest CA certificate bundle. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84666
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84666
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : nss vulnerabilities (USN-2672-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-495.NASL
    description MozillaThunderbird was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-2727: Mozilla Firefox 38.0 and Firefox ESR 38.0 allowed user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted website that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression (bsc#935979). - CVE-2015-2725: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#935979). - CVE-2015-2736: The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allowed remote attackers to have an unspecified impact via a crafted ZIP archive (bsc#935979). - CVE-2015-2724: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#935979). - CVE-2015-2730: Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, did not properly perform Elliptical Curve Cryptography (ECC) multiplications, which made it easier for remote attackers to spoof ECDSA signatures via unspecified vectors (bsc#935979). - CVE-2015-2743: PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allowed remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass (bsc#935979). - CVE-2015-2740: Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allowed remote attackers to cause a denial of service or have unspecified other impact via unknown vectors (bsc#935979). - CVE-2015-2741: Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allowed user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled (bsc#935979). - CVE-2015-2728: The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a 'type confusion' issue (bsc#935979). - CVE-2015-2729: The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 did not properly calculate an oscillator rendering range, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors (bsc#935979). - CVE-2015-2739: The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2738: The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2737: The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2721: Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, did not properly determine state transitions for the TLS state machine, which allowed man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a 'SMACK SKIP-TLS' issue (bsc#935979). - CVE-2015-2735: nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allowed remote attackers to have an unspecified impact via a crafted ZIP archive (bsc#935979). - CVE-2015-2734: The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors (bsc#935979). - CVE-2015-2733: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allowed remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker (bsc#935979). - CVE-2015-2722: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allowed remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker (bsc#935979). - CVE-2015-2731: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allowed remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy (bsc#935979). - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#931600).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 84864
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84864
    title openSUSE Security Update : MozillaThunderbird (openSUSE-2015-495) (Logjam)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3336.NASL
    description Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-2721 Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machine. A man-in-the-middle attacker could exploit this flaw to skip the ServerKeyExchange message and remove the forward-secrecy property. - CVE-2015-2730 Watson Ladd discovered that NSS does not properly perform Elliptical Curve Cryptography (ECC) multiplication, allowing a remote attacker to potentially spoof ECDSA signatures.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85466
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85466
    title Debian DSA-3336-1 : nss - security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1699.NASL
    description From Red Hat Security Advisory 2015:1699 : Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Watson Ladd as the original reporter of this issue. All nss-softokn users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85732
    published 2015-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85732
    title Oracle Linux 6 / 7 : nss-softokn (ELSA-2015-1699)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1664.NASL
    description Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721) A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan as the original reporter of CVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730. The nss packages have been upgraded to upstream version 3.19.1, which provides a number of bug fixes and enhancements over the previous version. All nss users are advised to upgrade to these updated packages, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 85615
    published 2015-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85615
    title RHEL 5 : nss (RHSA-2015:1664)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201512-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201512-10 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 87710
    published 2016-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87710
    title GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_31_8_ESR.NASL
    description The version of Firefox ESR installed on the remote Windows host is prior to 31.8. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728) - A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730) - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code. (CVE-2015-2743) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 84579
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84579
    title Firefox ESR < 31.8 Multiple Vulnerabilities (Logjam)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_31_8_ESR.NASL
    description The version of Firefox ESR installed on the remote Mac OS X host i prior to 31.8. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728) - A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730) - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code. (CVE-2015-2743) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 84575
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84575
    title Firefox ESR < 31.8 Multiple Vulnerabilities (Mac OS X) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-480.NASL
    description MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2729: Out-of-bound read while computing an oscillator rendering range in Web Audio (bsc#935979). - CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935979). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). New features : - Share Hello URLs with social networks - Support for 'switch' role in ARIA 1.1 (web accessibility) - SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux) - Support for new Unicode 8.0 skin tone emoji - Removed support for insecure SSLv3 for network communications - Disable use of RC4 except for temporarily whitelisted hosts - NPAPI Plug-in performance improved via asynchronous initialization mozilla-nss was updated to version 3.19.2 to fix some of the security issues listed above.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 84720
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84720
    title openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-480) (Logjam)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1699.NASL
    description Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Watson Ladd as the original reporter of this issue. All nss-softokn users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86501
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86501
    title CentOS 6 / 7 : nss-softokn (CESA-2015:1699)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_39_0.NASL
    description The version of Firefox installed on the remote Windows host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725) - A security bypass vulnerability exists due to a failure to preserve context restrictions. A remote attacker can exploit this, via a crafted web site that is accessed with unspecified mouse and keyboard actions, to read arbitrary files or execute arbitrary JavaScript code. (CVE-2015-2727) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728) - An out-of-bounds read flaw exists in the AudioParamTimeline::AudioNodeInputValue() function when computing oscillator rending ranges. An attacker can exploit this to disclose the contents of four bytes of memory or cause a denial of service condition. (CVE-2015-2729) - A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730) - A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731) - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions. (CVE-2015-2741) - A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code. (CVE-2015-2743) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 84581
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84581
    title Firefox < 39.0 Multiple Vulnerabilities (Logjam)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_38_1_ESR.NASL
    description The version of Firefox ESR installed on the remote Mac OS X host is\ prior to 38.1. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725) - A security bypass vulnerability exists due to a failure to preserve context restrictions. A remote attacker can exploit this, via a crafted web site that is accessed with unspecified mouse and keyboard actions, to read arbitrary files or execute arbitrary JavaScript code. (CVE-2015-2727) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728) - An out-of-bounds read flaw exists in the AudioParamTimeline::AudioNodeInputValue() function when computing oscillator rending ranges. An attacker can exploit this to disclose the contents of four bytes of memory or cause a denial of service condition. (CVE-2015-2729) - A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730) - A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731) - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions. (CVE-2015-2741) - A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code. (CVE-2015-2743) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 84576
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84576
    title Firefox ESR < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_38_1_ESR.NASL
    description The version of Firefox ESR installed on the remote Windows host is prior to 38.1. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725) - A security bypass vulnerability exists due to a failure to preserve context restrictions. A remote attacker can exploit this, via a crafted web site that is accessed with unspecified mouse and keyboard actions, to read arbitrary files or execute arbitrary JavaScript code. (CVE-2015-2727) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728) - An out-of-bounds read flaw exists in the AudioParamTimeline::AudioNodeInputValue() function when computing oscillator rending ranges. An attacker can exploit this to disclose the contents of four bytes of memory or cause a denial of service condition. (CVE-2015-2729) - A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730) - A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731) - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions. (CVE-2015-2741) - A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code. (CVE-2015-2743) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 84580
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84580
    title Firefox ESR < 38.1 Multiple Vulnerabilities (Logjam)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-315.NASL
    description Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2015-2721 Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machine. A man-in-the-middle attacker could exploit this flaw to skip the ServerKeyExchange message and remove the forward-secrecy property. CVE-2015-2730 Watson Ladd discovered that NSS does not properly perform Elliptical Curve Cryptography (ECC) multiplication, allowing a remote attacker to potentially spoof ECDSA signatures. For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.12.8-1+squeeze12. We recommend that you upgrade your nss packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 86154
    published 2015-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86154
    title Debian DLA-315-1 : nss security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2656-1.NASL
    description Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733) Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727) Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731) Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741) Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743) Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84664
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84664
    title Ubuntu 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2656-1) (Logjam)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2656-2.NASL
    description USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733) Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727) Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731) Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741) Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743) Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84794
    published 2015-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84794
    title Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1269-1.NASL
    description MozillaFirefox, mozilla-nspr, and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 84899
    published 2015-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84899
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1269-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_39_0.NASL
    description The version of Firefox installed on the remote Mac OS X host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725) - A security bypass vulnerability exists due to a failure to preserve context restrictions. A remote attacker can exploit this, via a crafted web site that is accessed with unspecified mouse and keyboard actions, to read arbitrary files or execute arbitrary JavaScript code. (CVE-2015-2727) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728) - An out-of-bounds read flaw exists in the AudioParamTimeline::AudioNodeInputValue() function when computing oscillator rending ranges. An attacker can exploit this to disclose the contents of four bytes of memory or cause a denial of service condition. (CVE-2015-2729) - A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730) - A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731) - An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions. (CVE-2015-2741) - An information disclosure vulnerability exists due to crash reports containing key press information. (CVE-2015-2742) - A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code. (CVE-2015-2743) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 84577
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84577
    title Firefox < 39.0 Multiple Vulnerabilities (Mac OS X) (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1268-2.NASL
    description MozillaFirefox, mozilla-nspr, and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed : - bsc#908275: Firefox did not print in landscape orientation. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 84898
    published 2015-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84898
    title SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1268-2)
redhat via4
advisories
  • bugzilla
    id 1236967
    title CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment nss is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664008
        • comment nss is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925013
      • AND
        • comment nss-devel is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664006
        • comment nss-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925009
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664002
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925007
      • AND
        • comment nss-tools is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664004
        • comment nss-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925011
    rhsa
    id RHSA-2015:1664
    released 2015-08-24
    severity Moderate
    title RHSA-2015:1664: nss security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1236954
    title CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment nss-softokn is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699007
          • comment nss-softokn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364024
        • AND
          • comment nss-softokn-devel is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699005
          • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364026
        • AND
          • comment nss-softokn-freebl is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699009
          • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364028
        • AND
          • comment nss-softokn-freebl-devel is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699011
          • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364030
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment nss-softokn is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699017
          • comment nss-softokn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364024
        • AND
          • comment nss-softokn-devel is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699019
          • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364026
        • AND
          • comment nss-softokn-freebl is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699018
          • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364028
        • AND
          • comment nss-softokn-freebl-devel is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699020
          • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364030
    rhsa
    id RHSA-2015:1699
    released 2015-09-01
    severity Moderate
    title RHSA-2015:1699: nss-softokn security update (Moderate)
rpms
  • nss-0:3.19.1-1.el5_11
  • nss-devel-0:3.19.1-1.el5_11
  • nss-pkcs11-devel-0:3.19.1-1.el5_11
  • nss-tools-0:3.19.1-1.el5_11
  • nss-softokn-0:3.14.3-23.el6_7
  • nss-softokn-devel-0:3.14.3-23.el6_7
  • nss-softokn-freebl-0:3.14.3-23.el6_7
  • nss-softokn-freebl-devel-0:3.14.3-23.el6_7
  • nss-softokn-0:3.16.2.3-13.el7_1
  • nss-softokn-devel-0:3.16.2.3-13.el7_1
  • nss-softokn-freebl-0:3.16.2.3-13.el7_1
  • nss-softokn-freebl-devel-0:3.16.2.3-13.el7_1
refmap via4
bid
  • 75541
  • 83399
confirm
debian DSA-3336
gentoo GLSA-201512-10
sectrack 1032783
suse
  • SUSE-SU-2015:1268
  • SUSE-SU-2015:1269
  • SUSE-SU-2015:1449
  • openSUSE-SU-2015:1229
  • openSUSE-SU-2015:1266
ubuntu
  • USN-2656-1
  • USN-2656-2
  • USN-2672-1
Last major update 27-12-2016 - 21:59
Published 05-07-2015 - 22:01
Back to Top