CVE-2015-2721
Description
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a SMACK SKIP-TLS issue.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.607
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for SeaMonkey (2.35) | Windows |
| Update for Mozilla Firefox ESR (38.1.0) | Windows |
| Update for Mozilla Firefox (39.0) | Windows |
| Update for Mozilla Thunderbird (38.1.0) | Windows |
| Update for Mozilla Firefox (39.0.3) | Windows |
| Update for Mozilla Firefox ESR (38.1.1) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.2 | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (39.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (39.0.3) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (139.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (139.0.1) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (139.0.4) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 31.8 | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (38.1.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 31.8 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 38.1 | Mac |
| Network Security Service library (USN-2672-1) libnss3_3.19.2.1-0ubuntu0.15.04.1_i386.deb | Linux |
| Network Security Service library (USN-2672-1) libnss3_3.19.2.1-0ubuntu0.15.04.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-301494 | Update for SeaMonkey (2.35) |
| PATCH-302079 | Update for Mozilla Firefox ESR (38.1.0) |
| PATCH-302105 | Update for Mozilla Thunderbird (38.1.0) |
| PATCH-302171 | Update for Mozilla Firefox ESR (38.1.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234