CVE-2015-2721

06.07.2015, 02:00

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mozilla	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Vendor	Product	Version
novell	suse_linux_enterprise_software_development_kit	12.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
canonical	ubuntu_linux	15.04
debian	debian_linux	7.0
debian	debian_linux	8.0
novell	suse_linux_enterprise_desktop	12.0
novell	suse_linux_enterprise_server	12.0
mozilla	network_security_services	3.19
oracle	solaris	11.3
oracle	vm_server	3.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nss

bullseye	2:3.61-1+deb11u3 fixed
bullseye (security)	2:3.61-1+deb11u4 fixed
bookworm	2:3.87.1-1 fixed
sid	2:3.105-2 fixed
trixie	2:3.105-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

vivid	Fixed 39.0+build5-0ubuntu0.15.04.1 released
utopic	Fixed 39.0+build5-0ubuntu0.14.10.1 released
trusty	Fixed 39.0+build5-0ubuntu0.14.04.1 released
precise	Fixed 39.0+build5-0ubuntu0.12.04.2 released

nss

vivid	Fixed 2:3.19.2-0ubuntu15.04.1 released
utopic	Fixed 2:3.19.2-0ubuntu0.14.10.1 released
trusty	Fixed 2:3.19.2-0ubuntu0.14.04.1 released
precise	Fixed 3.19.2-0ubuntu0.12.04.1 released

thunderbird

vivid	Fixed 1:31.8.0+build1-0ubuntu0.15.04.1 released
utopic	Fixed 1:31.8.0+build1-0ubuntu0.14.10.1 released
trusty	Fixed 1:31.8.0+build1-0ubuntu0.14.04.1 released
precise	Fixed 1:31.8.0+build1-0ubuntu0.12.04.1 released

Known Exploits!

Common Weakness Enumeration

CWE-310 -

References

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1185.html

http://rhn.redhat.com/errata/RHSA-2015-1664.html

http://www.debian.org/security/2015/dsa-3324

http://www.debian.org/security/2015/dsa-3336

http://www.mozilla.org/security/announce/2015/mfsa2015-71.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/75541

http://www.securityfocus.com/bid/83398

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1032783

http://www.securitytracker.com/id/1032784

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

http://www.ubuntu.com/usn/USN-2672-1

http://www.ubuntu.com/usn/USN-2673-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1086145

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

https://security.gentoo.org/glsa/201512-10

https://security.gentoo.org/glsa/201701-46

https://smacktls.com

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1185.html

http://rhn.redhat.com/errata/RHSA-2015-1664.html

http://www.debian.org/security/2015/dsa-3324

http://www.debian.org/security/2015/dsa-3336

http://www.mozilla.org/security/announce/2015/mfsa2015-71.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/75541

http://www.securityfocus.com/bid/83398

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1032783

http://www.securitytracker.com/id/1032784

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

http://www.ubuntu.com/usn/USN-2672-1

http://www.ubuntu.com/usn/USN-2673-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1086145

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

https://security.gentoo.org/glsa/201512-10

https://security.gentoo.org/glsa/201701-46

https://smacktls.com