cnvd - cnvd-2015-07441

cnvd-2015-07441

Vulnerability from cnvd

Title

Mozilla NSS/Firefox整数溢出漏洞

Description

Mozilla Firefox是一个开源网页浏览器，使用Gecko引擎。网络安全服务（NSS）是一套用于跨平台开发启用了安全功能的客户端和服务器应用的库，用NSS编译的应用可以支持SSLv2、SSLv3、TLS等安全标准。 Mozilla Firefox 42.0之前版本，Firefox ESR 38.x-38.4版本，Mozilla Network Security Services (NSS) 3.19.2.1之前版本和3.20.x-3.20.1版本，NSPR的PL_ARENA_ALLOCATE实现中存在整数溢出漏洞。远程攻击者可执行任意代码或发起拒绝服务攻击。

Severity

高

Patch Name

Mozilla NSS/Firefox整数溢出漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mozilla.org/security/announce/2015/mfsa2015-133.html https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7183

Impacted products

Name
['Mozilla Firefox < 42.0', 'Mozilla Network Security Services <3.19.2.1', 'Mozilla Network Security Services 3.20.x(<3.20.1)', 'Mozilla Firefox ESR 38.x(<38.4)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77415"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7183"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u4e2a\u5f00\u6e90\u7f51\u9875\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528Gecko\u5f15\u64ce\u3002\u7f51\u7edc\u5b89\u5168\u670d\u52a1\uff08NSS\uff09\u662f\u4e00\u5957\u7528\u4e8e\u8de8\u5e73\u53f0\u5f00\u53d1\u542f\u7528\u4e86\u5b89\u5168\u529f\u80fd\u7684\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u5e94\u7528\u7684\u5e93\uff0c\u7528NSS\u7f16\u8bd1\u7684\u5e94\u7528\u53ef\u4ee5\u652f\u6301SSLv2\u3001SSLv3\u3001TLS\u7b49\u5b89\u5168\u6807\u51c6\u3002\r\n\r\nMozilla Firefox 42.0\u4e4b\u524d\u7248\u672c\uff0cFirefox ESR 38.x-38.4\u7248\u672c\uff0cMozilla Network Security Services (NSS) 3.19.2.1\u4e4b\u524d\u7248\u672c\u548c3.20.x-3.20.1\u7248\u672c\uff0cNSPR\u7684PL_ARENA_ALLOCATE\u5b9e\u73b0\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Ryan Sleevi from Google",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-133.html \r\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07441",
  "openTime": "2015-11-11",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u4e2a\u5f00\u6e90\u7f51\u9875\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528Gecko\u5f15\u64ce\u3002\u7f51\u7edc\u5b89\u5168\u670d\u52a1\uff08NSS\uff09\u662f\u4e00\u5957\u7528\u4e8e\u8de8\u5e73\u53f0\u5f00\u53d1\u542f\u7528\u4e86\u5b89\u5168\u529f\u80fd\u7684\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u5e94\u7528\u7684\u5e93\uff0c\u7528NSS\u7f16\u8bd1\u7684\u5e94\u7528\u53ef\u4ee5\u652f\u6301SSLv2\u3001SSLv3\u3001TLS\u7b49\u5b89\u5168\u6807\u51c6\u3002\r\n\r\nMozilla Firefox 42.0\u4e4b\u524d\u7248\u672c\uff0cFirefox ESR 38.x-38.4\u7248\u672c\uff0cMozilla Network Security Services (NSS) 3.19.2.1\u4e4b\u524d\u7248\u672c\u548c3.20.x-3.20.1\u7248\u672c\uff0cNSPR\u7684PL_ARENA_ALLOCATE\u5b9e\u73b0\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla NSS/Firefox\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c 42.0",
      "Mozilla Network Security Services \u003c3.19.2.1",
      "Mozilla Network Security Services  3.20.x(\u003c3.20.1)",
      "Mozilla Firefox ESR 38.x(\u003c38.4)"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7183",
  "serverity": "\u9ad8",
  "submitTime": "2015-11-09",
  "title": "Mozilla NSS/Firefox\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2015-7183 (GCVE-0-2015-7183)

Vulnerability from cvelistv5

Published

2015-11-05 02:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034069	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa119	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1205157	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3406	vendor-advisory, x_refsource_DEBIAN
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html	vendor-advisory, x_refsource_SUSE
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2785-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1981.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2819-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/77415	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91787	vdb-entry, x_refsource_BID
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-1980.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2790-1	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2015/dsa-3393	vendor-advisory, x_refsource_DEBIAN
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201605-06	vendor-advisory, x_refsource_GENTOO
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753	vendor-advisory, x_refsource_SLACKWARE
	http://www.mozilla.org/security/announce/2015/mfsa2015-133.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html	vendor-advisory, x_refsource_SUSE