Description
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Published: 2015-11-05
Score: 7.5 High
EPSS: 4.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-344-1 nspr security update
Debian DSA Debian DSA DSA-3393-1 iceweasel security update
Debian DSA Debian DSA DSA-3406-1 nspr security update
Ubuntu USN Ubuntu USN USN-2785-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-2790-1 NSPR vulnerability
Ubuntu USN Ubuntu USN USN-2819-1 Thunderbird vulnerabilities
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html cve-icon cve-icon
http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1980.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1981.html cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3393 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3406 cve-icon cve-icon
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html cve-icon cve-icon
http://www.securityfocus.com/bid/77415 cve-icon cve-icon
http://www.securityfocus.com/bid/91787 cve-icon cve-icon
http://www.securitytracker.com/id/1034069 cve-icon cve-icon
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2785-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2790-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2819-1 cve-icon cve-icon
https://access.redhat.com/articles/2043623 cve-icon
https://bto.bluecoat.com/security-advisory/sa119 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=1205157 cve-icon cve-icon
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes cve-icon cve-icon
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes cve-icon cve-icon
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2015-7183 cve-icon
https://security.gentoo.org/glsa/201512-10 cve-icon cve-icon
https://security.gentoo.org/glsa/201605-06 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2015-7183 cve-icon
https://www.mozilla.org/security/announce/2015/mfsa2015-133.html cve-icon
History

Tue, 22 Oct 2024 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*		 cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
Vendors & Products Mozilla firefox Esr

Subscriptions

Mozilla Firefox Network Security Services
Redhat Enterprise Linux Rhel Aus Rhel Eus Rhel Mission Critical
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2024-08-06T07:43:44.947Z

Reserved: 2015-09-16T00:00:00.000Z

Link: CVE-2015-7183

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2015-11-05T05:59:07.883

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-7183

cve-icon Redhat

Severity : Critical

Publid Date: 2015-11-03T00:00:00Z

Links: CVE-2015-7183 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses