English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.2.1.2015.150
Category:General
Title:Mozilla Firefox Security Advisory (MFSA2015-150) - Linux
Summary:This host is missing a security update for Mozilla Firefox.
Description:Summary:
This host is missing a security update for Mozilla Firefox.

Vulnerability Insight:
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
Security researcher Karthikeyan Bhargavan reported an issue
in Network Security Services (NSS) where MD5 signatures in the server signature within the
TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has
officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This
issue exposes NSS based clients such as Firefox to theoretical collision-based forgery
attacks. This issue was fixed in NSS version 3.20.2.

Affected Software/OS:
Firefox version(s) below 43.0.2.

Solution:
The vendor has released an update. Please see the reference(s) for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-7575
1034541
http://www.securitytracker.com/id/1034541
1036467
http://www.securitytracker.com/id/1036467
79684
http://www.securityfocus.com/bid/79684
91787
http://www.securityfocus.com/bid/91787
DSA-3436
http://www.debian.org/security/2016/dsa-3436
DSA-3437
http://www.debian.org/security/2016/dsa-3437
DSA-3457
http://www.debian.org/security/2016/dsa-3457
DSA-3458
http://www.debian.org/security/2016/dsa-3458
DSA-3465
http://www.debian.org/security/2016/dsa-3465
DSA-3491
http://www.debian.org/security/2016/dsa-3491
DSA-3688
http://www.debian.org/security/2016/dsa-3688
GLSA-201701-46
https://security.gentoo.org/glsa/201701-46
GLSA-201706-18
https://security.gentoo.org/glsa/201706-18
GLSA-201801-15
https://security.gentoo.org/glsa/201801-15
RHSA-2016:0049
http://rhn.redhat.com/errata/RHSA-2016-0049.html
RHSA-2016:0050
http://rhn.redhat.com/errata/RHSA-2016-0050.html
RHSA-2016:0053
http://rhn.redhat.com/errata/RHSA-2016-0053.html
RHSA-2016:0054
http://rhn.redhat.com/errata/RHSA-2016-0054.html
RHSA-2016:0055
http://rhn.redhat.com/errata/RHSA-2016-0055.html
RHSA-2016:0056
http://rhn.redhat.com/errata/RHSA-2016-0056.html
RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2016:1430
SUSE-SU-2016:0256
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
SUSE-SU-2016:0265
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
SUSE-SU-2016:0269
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
USN-2863-1
http://www.ubuntu.com/usn/USN-2863-1
USN-2864-1
http://www.ubuntu.com/usn/USN-2864-1
USN-2865-1
http://www.ubuntu.com/usn/USN-2865-1
USN-2866-1
http://www.ubuntu.com/usn/USN-2866-1
USN-2884-1
http://www.ubuntu.com/usn/USN-2884-1
USN-2904-1
http://www.ubuntu.com/usn/USN-2904-1
http://www.mozilla.org/security/announce/2015/mfsa2015-150.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
https://security.netapp.com/advisory/ntap-20160225-0001/
openSUSE-SU-2015:2405
http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html
openSUSE-SU-2016:0007
http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html
openSUSE-SU-2016:0161
http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html
openSUSE-SU-2016:0162
http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html
openSUSE-SU-2016:0263
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
openSUSE-SU-2016:0268
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
openSUSE-SU-2016:0270
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
openSUSE-SU-2016:0272
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
openSUSE-SU-2016:0279
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
openSUSE-SU-2016:0307
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
openSUSE-SU-2016:0308
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
openSUSE-SU-2016:0488
http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html
openSUSE-SU-2016:0605
http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.