cnvd - cnvd-2015-07441

cnvd-2015-07441

Vulnerability from cnvd

Title: Mozilla NSS/Firefox整数溢出漏洞

Description:

Mozilla Firefox是一个开源网页浏览器，使用Gecko引擎。网络安全服务（NSS）是一套用于跨平台开发启用了安全功能的客户端和服务器应用的库，用NSS编译的应用可以支持SSLv2、SSLv3、TLS等安全标准。

Mozilla Firefox 42.0之前版本，Firefox ESR 38.x-38.4版本，Mozilla Network Security Services (NSS) 3.19.2.1之前版本和3.20.x-3.20.1版本，NSPR的PL_ARENA_ALLOCATE实现中存在整数溢出漏洞。远程攻击者可执行任意代码或发起拒绝服务攻击。

Severity: 高

Patch Name: Mozilla NSS/Firefox整数溢出漏洞的补丁

Patch Description:

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mozilla.org/security/announce/2015/mfsa2015-133.html https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7183

Impacted products

Name
['Mozilla Firefox < 42.0', 'Mozilla Network Security Services <3.19.2.1', 'Mozilla Network Security Services 3.20.x(<3.20.1)', 'Mozilla Firefox ESR 38.x(<38.4)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77415"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7183"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u4e2a\u5f00\u6e90\u7f51\u9875\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528Gecko\u5f15\u64ce\u3002\u7f51\u7edc\u5b89\u5168\u670d\u52a1\uff08NSS\uff09\u662f\u4e00\u5957\u7528\u4e8e\u8de8\u5e73\u53f0\u5f00\u53d1\u542f\u7528\u4e86\u5b89\u5168\u529f\u80fd\u7684\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u5e94\u7528\u7684\u5e93\uff0c\u7528NSS\u7f16\u8bd1\u7684\u5e94\u7528\u53ef\u4ee5\u652f\u6301SSLv2\u3001SSLv3\u3001TLS\u7b49\u5b89\u5168\u6807\u51c6\u3002\r\n\r\nMozilla Firefox 42.0\u4e4b\u524d\u7248\u672c\uff0cFirefox ESR 38.x-38.4\u7248\u672c\uff0cMozilla Network Security Services (NSS) 3.19.2.1\u4e4b\u524d\u7248\u672c\u548c3.20.x-3.20.1\u7248\u672c\uff0cNSPR\u7684PL_ARENA_ALLOCATE\u5b9e\u73b0\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Ryan Sleevi from Google",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-133.html \r\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07441",
  "openTime": "2015-11-11",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u4e2a\u5f00\u6e90\u7f51\u9875\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528Gecko\u5f15\u64ce\u3002\u7f51\u7edc\u5b89\u5168\u670d\u52a1\uff08NSS\uff09\u662f\u4e00\u5957\u7528\u4e8e\u8de8\u5e73\u53f0\u5f00\u53d1\u542f\u7528\u4e86\u5b89\u5168\u529f\u80fd\u7684\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u5e94\u7528\u7684\u5e93\uff0c\u7528NSS\u7f16\u8bd1\u7684\u5e94\u7528\u53ef\u4ee5\u652f\u6301SSLv2\u3001SSLv3\u3001TLS\u7b49\u5b89\u5168\u6807\u51c6\u3002\r\n\r\nMozilla Firefox 42.0\u4e4b\u524d\u7248\u672c\uff0cFirefox ESR 38.x-38.4\u7248\u672c\uff0cMozilla Network Security Services (NSS) 3.19.2.1\u4e4b\u524d\u7248\u672c\u548c3.20.x-3.20.1\u7248\u672c\uff0cNSPR\u7684PL_ARENA_ALLOCATE\u5b9e\u73b0\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla NSS/Firefox\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c 42.0",
      "Mozilla Network Security Services \u003c3.19.2.1",
      "Mozilla Network Security Services  3.20.x(\u003c3.20.1)",
      "Mozilla Firefox ESR 38.x(\u003c38.4)"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7183",
  "serverity": "\u9ad8",
  "submitTime": "2015-11-09",
  "title": "Mozilla NSS/Firefox\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2015-7183 (GCVE-0-2015-7183)

Vulnerability from cvelistv5

Published

2015-11-05 02:00

Modified

2024-08-06 07:43

Severity ?

CWE

Summary

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034069	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa119	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisory, x_refsource_GENTOO
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1205157	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3406	vendor-advisory, x_refsource_DEBIAN
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html	vendor-advisory, x_refsource_SUSE
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2785-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1981.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2819-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/77415	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91787	vdb-entry, x_refsource_BID
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-1980.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2790-1	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2015/dsa-3393	vendor-advisory, x_refsource_DEBIAN
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201605-06	vendor-advisory, x_refsource_GENTOO
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753	vendor-advisory, x_refsource_SLACKWARE
	http://www.mozilla.org/security/announce/2015/mfsa2015-133.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:44.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "1034069",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034069"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa119"
          },
          {
            "name": "SUSE-SU-2015:2081",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "SUSE-SU-2015:1981",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
          },
          {
            "name": "DSA-3406",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3406"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "openSUSE-SU-2015:2229",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
          },
          {
            "name": "USN-2785-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2785-1"
          },
          {
            "name": "SUSE-SU-2015:1926",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "RHSA-2015:1981",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
          },
          {
            "name": "USN-2819-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2819-1"
          },
          {
            "name": "77415",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77415"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
          },
          {
            "name": "openSUSE-SU-2015:1942",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
          },
          {
            "name": "RHSA-2015:1980",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
          },
          {
            "name": "USN-2790-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2790-1"
          },
          {
            "name": "DSA-3393",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
          },
          {
            "name": "openSUSE-SU-2015:2245",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
          },
          {
            "name": "GLSA-201605-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201605-06"
          },
          {
            "name": "SSA:2015-310-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
          },
          {
            "name": "SUSE-SU-2015:1978",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T16:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "1034069",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034069"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa119"
        },
        {
          "name": "SUSE-SU-2015:2081",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "SUSE-SU-2015:1981",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
        },
        {
          "name": "DSA-3406",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3406"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "openSUSE-SU-2015:2229",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
        },
        {
          "name": "USN-2785-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2785-1"
        },
        {
          "name": "SUSE-SU-2015:1926",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "RHSA-2015:1981",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
        },
        {
          "name": "USN-2819-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2819-1"
        },
        {
          "name": "77415",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77415"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
        },
        {
          "name": "openSUSE-SU-2015:1942",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
        },
        {
          "name": "RHSA-2015:1980",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
        },
        {
          "name": "USN-2790-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2790-1"
        },
        {
          "name": "DSA-3393",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
        },
        {
          "name": "openSUSE-SU-2015:2245",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
        },
        {
          "name": "GLSA-201605-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201605-06"
        },
        {
          "name": "SSA:2015-310-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        },
        {
          "name": "SUSE-SU-2015:1978",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7183",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "1034069",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034069"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa119",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa119"
            },
            {
              "name": "SUSE-SU-2015:2081",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "SUSE-SU-2015:1981",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
            },
            {
              "name": "DSA-3406",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3406"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "openSUSE-SU-2015:2229",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
            },
            {
              "name": "USN-2785-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2785-1"
            },
            {
              "name": "SUSE-SU-2015:1926",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "RHSA-2015:1981",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
            },
            {
              "name": "USN-2819-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2819-1"
            },
            {
              "name": "77415",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77415"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
            },
            {
              "name": "openSUSE-SU-2015:1942",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
            },
            {
              "name": "RHSA-2015:1980",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
            },
            {
              "name": "USN-2790-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2790-1"
            },
            {
              "name": "DSA-3393",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3393"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
            },
            {
              "name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
            },
            {
              "name": "openSUSE-SU-2015:2245",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
            },
            {
              "name": "GLSA-201605-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "SSA:2015-310-02",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
            },
            {
              "name": "SUSE-SU-2015:1978",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7183",
    "datePublished": "2015-11-05T02:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:43:44.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted