CVE-2015-7575
Description
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 1.688
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Mozilla Firefox ESR (38.6.0) | Windows |
| Update for Mozilla Firefox ESR (38.6.1) | Windows |
| Update for Mozilla Thunderbird (38.6.0) | Windows |
| Vulnerability CVE-2015-7575 affects Mozilla Firefox 43.0.1 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.13 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.13 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.13 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.13 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.9 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.41 | Windows |
| Multiple vulnerabilities affect IBM Cognos Analytics 11.2.4 | Windows |
| Multiple vulnerabilities affect IBM Cognos Analytics 12.0.3 | Windows |
| Multiple vulnerabilities affect IBM Operational Decision Manager 8.0 | Windows |
| Multiple vulnerabilities affect IBM Operational Decision Manager 8.5 | Windows |
| Multiple vulnerabilities affect IBM Operational Decision Manager 8.6 | Windows |
| Multiple vulnerabilities affect IBM Operational Decision Manager 8.7 | Windows |
| Multiple vulnerabilities affect IBM Operational Decision Manager 8.8 | Windows |
| Open Source Java implementation (USN-2784-1) icedtea-7-jre-jamvm_7u85-2.6.1-5ubuntu0.15.10.1_i386.deb | Linux |
| Open Source Java implementation (USN-2784-1) icedtea-7-jre-jamvm_7u85-2.6.1-5ubuntu0.15.10.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2785-1) firefox_42.0+build2-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2785-1) firefox_42.0+build2-0ubuntu0.15.10.1_amd64.deb | Linux |
| Network Security Service library (USN-2791-1) libnss3_3.19.2.1-0ubuntu0.15.10.1_i386.deb | Linux |
| Network Security Service library (USN-2791-1) libnss3_3.19.2.1-0ubuntu0.15.10.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2863-1) libssl1.0.0_1.0.1-4ubuntu5.33_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2863-1) libssl1.0.0_1.0.1-4ubuntu5.33_amd64.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.12.04.2_i386.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.12.04.2_amd64.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.14.04.2_i386.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.14.04.2_amd64.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.15.04.2_i386.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.15.04.2_amd64.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2-1ubuntu1_i386.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2-1ubuntu1_amd64.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.15.10.1_i386.deb | Linux |
| Network Security Service library (USN-2864-1) libnss3_3.19.2.1-0ubuntu0.15.10.1_amd64.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls26_2.12.14-5ubuntu3.11_i386.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls26_2.12.14-5ubuntu3.11_amd64.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls26_2.12.23-12ubuntu2.4_i386.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls26_2.12.23-12ubuntu2.4_amd64.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutlsxx28_3.3.8-3ubuntu3.2_i386.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutlsxx28_3.3.8-3ubuntu3.2_amd64.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls-deb0-28_3.3.8-3ubuntu3.2_i386.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls-deb0-28_3.3.8-3ubuntu3.2_amd64.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls-openssl27_3.3.8-3ubuntu3.2_i386.deb | Linux |
| GNU TLS library (USN-2865-1) libgnutls-openssl27_3.3.8-3ubuntu3.2_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.12.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.12.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.15.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.15.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2866-1) firefox_43.0.4+build3-0ubuntu0.15.10.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2880-1) firefox_42.0+build2-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2880-1) firefox_42.0+build2-0ubuntu0.15.10.1_amd64.deb | Linux |
| Open Source Java implementation (USN-2884-1) icedtea-7-jre-jamvm_7u95-2.6.4-0ubuntu0.15.04.1_i386.deb | Linux |
| Open Source Java implementation (USN-2884-1) icedtea-7-jre-jamvm_7u95-2.6.4-0ubuntu0.15.04.1_amd64.deb | Linux |
| Open Source Java implementation (USN-2884-1) icedtea-7-jre-jamvm_7u85-2.6.1-5ubuntu0.15.10.1_i386.deb | Linux |
| Open Source Java implementation (USN-2884-1) icedtea-7-jre-jamvm_7u85-2.6.1-5ubuntu0.15.10.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2893-1) firefox_42.0+build2-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2893-1) firefox_42.0+build2-0ubuntu0.15.10.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-2904-1) thunderbird_38.6.0+build1-0ubuntu0.12.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-2904-1) thunderbird_38.6.0+build1-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-2904-1) thunderbird_38.6.0+build1-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-2904-1) thunderbird_38.6.0+build1-0ubuntu0.15.10.1_i386.deb | Linux |
| SUSE-SU-2016:0269-1 (SUSE Linux Enterprise Desktop 11-SP3) java-1_7_0-openjdk-1.7.0.95-0.17.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0269-1 (SUSE Linux Enterprise Desktop 11-SP3) java-1_7_0-openjdk-demo-1.7.0.95-0.17.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0269-1 (SUSE Linux Enterprise Desktop 11-SP3) java-1_7_0-openjdk-devel-1.7.0.95-0.17.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) MozillaFirefox-38.7.0esr-37.3.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) MozillaFirefox-translations-38.7.0esr-37.3.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libfreebl3-3.20.2-28.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libfreebl3-32bit-3.20.2-28.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libsoftokn3-3.20.2-28.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) libsoftokn3-32bit-3.20.2-28.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nspr-4.12-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nspr-32bit-4.12-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nss-3.20.2-28.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nss-32bit-3.20.2-28.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0776-1 (SUSE Linux Enterprise Desktop 11-SP4) mozilla-nss-tools-3.20.2-28.1.x86_64.rpm | Linux |
| CVE-2015-7575 | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-302290 | Update for Mozilla Firefox ESR (38.6.0) |
| PATCH-302291 | Update for Mozilla Firefox ESR (38.6.1) |
| PATCH-303211 | Update for Mozilla Thunderbird (38.6.0) |
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-344728 | Azul Zulu JDK 8 (MSI) (8.84.0.15) |
| PATCH-344692 | Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15) |