Man-in-the-Middle Vulnerability in Mozilla Network Security Services
CVE-2015-2721

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Suse Linux Enterprise Server; Debian Linux; Suse Linux Enterprise Desktop
Vendor: CVE Published:; 6 July 2015

Summary

A flaw in the Mozilla Network Security Services (NSS) prior to version 3.19, which is leveraged by products like Firefox and Thunderbird, allows attackers to exploit improper management of the TLS state machine. This vulnerability can lead to man-in-the-middle attacks by blocking essential messages such as the ServerKeyExchange, effectively compromising cryptographic protections, including the forward-secrecy property.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Jul 6, 2015
Vulnerability Reserved
Mar 25, 2015