- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems :
CVE-2015-2721
Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machine. A man-in-the-middle attacker could exploit this flaw to skip the ServerKeyExchange message and remove the forward-secrecy property.
CVE-2015-2730
Watson Ladd discovered that NSS does not properly perform Elliptical Curve Cryptography (ECC) multiplication, allowing a remote attacker to potentially spoof ECDSA signatures.
For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.12.8-1 squeeze12.
We recommend that you upgrade your nss packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top