Vulnerability in Mozilla Firefox
CVE-2015-2721
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.005 (66.8th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 31.0, 31.1.0, 31.1.1
- Mozilla Firefox_esr — versions 31.1, 31.2, 31.3
- Mozilla Network_security_services — versions 3.19
- Mozilla Thunderbird
- Novell Suse_linux_enterprise_desktop — versions 12.0
- Novell Suse_linux_enterprise_server — versions 11, 12.0
- Novell Suse_linux_enterprise_software_development_kit — versions 12.0
- Oracle Solaris — versions 11.3
- Oracle Vm_server — versions 3.2
- Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- openSUSE-SU-2015:1229 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2015:1268 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- security@mozilla.org (x_refsource_CONFIRM, Release Notes)
- 83398 (vdb-entry, x_refsource_BID)
- GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
- GLSA-201701-46 (vendor-advisory, x_refsource_GENTOO)
- DSA-3336 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- 75541 (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2015-2721?
- CVE-2015-2721 is a vulnerability in Mozilla Firefox, classified under Cryptographic Issues. Published 2015-07-06.
- Is CVE-2015-2721 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.