← Back

CVE-2015-2721

nvd nist
Published: Jul 6, 2015Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.

Affected (13)

Show all products
Canonical: Ubuntu Linux · Debian: Debian Linux · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit · Mozilla: Network Security Services · Oracle: Solaris, Vm Server
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Novell
3 products
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Suse Linux Enterprise Software Development Kit
Mozilla
1 product
Network Security Services
Oracle
2 products
Solaris
Vm Server
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 14.10
Ubuntu Linux
Version 15.04
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Suse Linux Enterprise Desktop
Version 12.0
Novell
Suse Linux Enterprise Server
Version 11 sp4
Suse Linux Enterprise Server
Version 12.0
Suse Linux Enterprise Software Development Kit
Version 12.0
Configuration B
1 vulnerable · 17 platform
Vulnerable SoftwareAffected Versions
Network Security Services
Version 3.19
Running on/withPlatform Versions
Mozilla
Firefox
Up to 38.1.0
Mozilla
Firefox
Version 31.0
Mozilla
Firefox
Version 31.1.0
Mozilla
Firefox
Version 31.1.1
Mozilla
Firefox
Version 31.3.0
Mozilla
Firefox
Version 31.5.1
Mozilla
Firefox
Version 31.5.2
Mozilla
Firefox
Version 31.5.3
Mozilla
Firefox
Version 38.0
Mozilla
Firefox Esr
Version 31.1
Mozilla
Firefox Esr
Version 31.2
Mozilla
Firefox Esr
Version 31.3
Mozilla
Firefox Esr
Version 31.4
Mozilla
Firefox Esr
Version 31.5
Mozilla
Firefox Esr
Version 31.6.0
Mozilla
Firefox Esr
Version 31.7.0
Mozilla
Thunderbird
Up to 38.0.1
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Solaris
Version 11.3
Vm Server
Version 3.2

Related CWEs

CWE-310
CWE-310

References (58)

Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
ExploitIssue TrackingVDB EntryVendor Advisory
Source: security@mozilla.org
Release Notes
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description

Timeline

No history available yet.