Vulnerability in Mozilla Firefox
CVE-2015-2730
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplicat…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.002 (45.6th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 31.0, 31.1.0, 31.1.1
- Mozilla Firefox_esr — versions 31.1, 31.2, 31.3
- Mozilla Network_security_services
- Novell Suse_linux_enterprise_desktop — versions 12.0
- Novell Suse_linux_enterprise_server — versions 11, 12.0
- Novell Suse_linux_enterprise_software_development_kit — versions 12.0
- Oracle Solaris — versions 11.3
- Oracle Vm_server — versions 3.2
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- openSUSE-SU-2015:1229 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2015:1268 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- 83399 (vdb-entry, x_refsource_BID)
- GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
- DSA-3336 (vendor-advisory, x_refsource_DEBIAN)
- 75541 (vdb-entry, x_refsource_BID)
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- USN-2672-1 (x_refsource_UBUNTU, vendor-advisory)
- RHSA-2015:1699 (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2015-2730?
- CVE-2015-2730 is a vulnerability in Mozilla Firefox, classified under Cryptographic Issues. Published 2015-07-06.
- Is CVE-2015-2730 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.