Elliptical Curve Cryptography Vulnerability in Mozilla Network Security Services
CVE-2015-2730

Currently unrated

Key Information:

Vendor

Novell
Status
Suse Linux Enterprise Server
Debian Linux
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
Vendor
CVE Published:
6 July 2015

What is CVE-2015-2730?

A significant vulnerability exists in Mozilla Network Security Services (NSS) prior to version 3.19.1, which affects various versions of Mozilla Firefox and its Extended Support Release (ESR) variants. This flaw arises from improper handling of Elliptical Curve Cryptography (ECC) multiplications, potentially allowing remote attackers to impersonate entities by spoofing ECDSA signatures through unspecified methods. Affected users are advised to upgrade to the latest versions to mitigate potential risks.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.