Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

Related bugs and status

CVE-2015-2730 (Candidate) is related to these bugs:

Bug #1465014: Firefox and Chromium still vulnerable against LOGJAM

		In	Importance	Status
1465014	Firefox and Chromium still vulnerable against LOGJAM	nss (Ubuntu)	Critical	Fix Released
1465014	Firefox and Chromium still vulnerable against LOGJAM	firefox (Ubuntu)	Critical	Fix Released
1465014	Firefox and Chromium still vulnerable against LOGJAM	NSS	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://developer.mozi...
DEBIAN: DSA-3336
SUSE: SUSE-SU-2015:1268
SUSE: SUSE-SU-2015:1269
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 75541
BID: 83399
GENTOO: GLSA-201512-10
REDHAT: RHSA-2015:1699
SUSE: SUSE-SU-2015:1449
REDHAT: RHSA-2015:1664
SUSE: openSUSE-SU-2015:1266
SUSE: openSUSE-SU-2015:1229
UBUNTU: USN-2656-1
UBUNTU: USN-2672-1
UBUNTU: USN-2656-2
SECTRACK: 1032783