usn-2656-1
Vulnerability from osv_ubuntu
Published
2015-07-09 20:16
Modified
2026-05-29 17:43
Summary
firefox vulnerabilities
Details

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)

Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)

Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)

Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)

Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728)

Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)

Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)

A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731)

Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)

David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)

Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)

Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2015-2721",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2722",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2724",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2725",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2726",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2727",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2728",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2729",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2730",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2731",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2733",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2734",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2735",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2736",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2737",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2738",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2739",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2740",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2741",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-2743",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-4000",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "39.0+build5-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "39.0+build5-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "39.0+build5-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "39.0+build5-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "39.0+build5-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1",
        "38.0+build3-0ubuntu0.14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able to\nperform a machine-in-the-middle attack, this flaw could be exploited to skip\nthe ServerKeyExchange message and remove the forward-secrecy property.\n(CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2722,\nCVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence\nCole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru\nFujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2724,\nCVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse\nand key combinations could allow a Chrome privileged URL to be opened\nwithout context restrictions being preserved. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve\nCryptography (ECC) multiplication. A remote attacker could possibly use\nthis issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to\nremove a DOM object. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with the\npriviliges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\nCVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an\noverridable certificate error occurs. This allows a user to manually\noverride an error for a fake certificate, but cannot be exploited on its\nown. (CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly\nexecuted with a high privilege. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this in\ncombination with another security vulnerability, to execute arbitrary code\nin a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM\ncould force a server to downgrade TLS connections to 512-bit export-grade\ncryptography. An attacker could potentially exploit this to impersonate\nthe server. (CVE-2015-4000)\n",
  "id": "USN-2656-1",
  "modified": "2026-05-29T17:43:57Z",
  "published": "2015-07-09T20:16:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2656-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2721"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2722"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2724"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2725"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2726"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2727"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2728"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2729"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2730"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2731"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2733"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2734"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2735"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2736"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2737"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2738"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2739"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2740"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2741"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-2743"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-4000"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-2721",
    "UBUNTU-CVE-2015-2722",
    "UBUNTU-CVE-2015-2724",
    "UBUNTU-CVE-2015-2725",
    "UBUNTU-CVE-2015-2726",
    "UBUNTU-CVE-2015-2727",
    "UBUNTU-CVE-2015-2728",
    "UBUNTU-CVE-2015-2729",
    "UBUNTU-CVE-2015-2730",
    "UBUNTU-CVE-2015-2731",
    "UBUNTU-CVE-2015-2733",
    "UBUNTU-CVE-2015-2734",
    "UBUNTU-CVE-2015-2735",
    "UBUNTU-CVE-2015-2736",
    "UBUNTU-CVE-2015-2737",
    "UBUNTU-CVE-2015-2738",
    "UBUNTU-CVE-2015-2739",
    "UBUNTU-CVE-2015-2740",
    "UBUNTU-CVE-2015-2741",
    "UBUNTU-CVE-2015-2743",
    "UBUNTU-CVE-2015-4000"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…