7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.9%
The sec_asn1d_parse_leaf function in Mozilla Network Security Services
(NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before
42.0 and Firefox ESR 38.x before 38.4 and other products, improperly
restricts access to an unspecified data structure, which allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via crafted OCTET STRING data, related to a
“use-after-poison” issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 42.0+build2-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 42.0+build2-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 42.0+build2-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | firefox | < 42.0+build2-0ubuntu0.15.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | nss | < 3.19.2.1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | nss | < 2:3.19.2.1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | nss | < 2:3.19.2.1-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | nss | < 2:3.19.2.1-0ubuntu0.15.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:38.4.0+build3-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:38.4.0+build3-0ubuntu0.14.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2015-7181
nvd.nist.gov/vuln/detail/CVE-2015-7181
security-tracker.debian.org/tracker/CVE-2015-7181
ubuntu.com/security/notices/USN-2785-1
ubuntu.com/security/notices/USN-2791-1
ubuntu.com/security/notices/USN-2819-1
www.cve.org/CVERecord?id=CVE-2015-7181
www.mozilla.org/en-US/security/advisories/mfsa2015-133/