CVE-2015-7183

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
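
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| mozilla | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |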

EPSS Score percentile: 95%

| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 ≤ 41.0.2 |
| mozilla | network_security_services | 𝑥 ≤ 3.19.2.0 |
| mozilla | network_security_services | 3.20.0 |
| mozilla | firefox | 38.0 |
| mozilla | firefox | 38.0.1 |
| mozilla | firefox | 38.0.5 |
| mozilla | firefox | 38.1.0 |
| mozilla | firefox | 38.1.1 |
| mozilla | firefox | 38.2.0 |
| mozilla | firefox | 38.2.1 |
| mozilla | firefox | 38.3.0 |

𝑥 = Vulnerable software versions
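
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| nspr | bullseye | 2:4.29-1 | fixed |
| nspr | wheezy | | no-dsa |
| nspr | bookworm | 2:4.35-1 | fixed |
| nspr | sid | 2:4.35-1.1 | fixed |
| nspr | trixie | 2:4.35-1.1 | fixed |
| virtualbox | sid/contrib | 7.0.20-dfsg-1 | fixed |
| virtualbox | wheezy | | no-dsa |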

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| firefox | zesty | Fixed 42.0+build2-0ubuntu1 | released |
| firefox | yakkety | Fixed 42.0+build2-0ubuntu1 | released |
| firefox | xenial | Fixed 42.0+build2-0ubuntu1 | released |
| firefox | wily | Fixed 42.0+build2-0ubuntu0.15.10.1 | released |
| firefox | vivid | Fixed 42.0+build2-0ubuntu0.15.04.1 | released |
| firefox | trusty | Fixed 42.0+build2-0ubuntu0.14.04.1 | released |
| firefox | precise | Fixed 42.0+build2-0ubuntu0.12.04.1 | released |
| nspr | zesty | | not-affected |
| nspr | yakkety | | not-affected |
| nspr | xenial | | not-affected |
| nspr | wily | Fixed 2:4.10.10-0ubuntu0.15.10.1 | released |
| nspr | vivid | Fixed 2:4.10.10-0ubuntu0.15.04.1 | released |
| nspr | trusty | Fixed 2:4.10.10-0ubuntu0.14.04.1 | released |
| nspr | precise | Fixed 4.10.10-0ubuntu0.12.04.1 | released |
| thunderbird | zesty | Fixed 1:38.4.0+build3-0ubuntu1 | released |
| thunderbird | yakkety | Fixed 1:38.4.0+build3-0ubuntu1 | released |
| thunderbird | xenial | Fixed 1:38.4.0+build3-0ubuntu1 | released |
| thunderbird | wily | Fixed 1:38.4.0+build3-0ubuntu0.15.10.1 | released |
| thunderbird | vivid | Fixed 1:38.4.0+build3-0ubuntu0.15.04.1 | released |
| thunderbird | trusty | Fixed 1:38.4.0+build3-0ubuntu0.14.04.1 | released |
| thunderbird | precise | Fixed 1:38.4.0+build3-0ubuntu0.12.04.1 | released |
| virtualbox | zesty | | not-affected |
| virtualbox | yakkety | | not-affected |
| virtualbox | xenial | | not-affected |
| virtualbox | wily | Fixed 5.0.14-dfsg-0ubuntu1.15.10.1 | released |
| virtualbox | vivid | Fixed 4.3.36-dfsg-1+deb8u1ubuntu1.15.04.1 | released |
| virtualbox | trusty | Fixed 4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1 | released |
| virtualbox | precise | | ignored |

References