Remote Code Execution Vulnerability in Mozilla Network Security Services
CVE-2015-7181

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 5 November 2015

What is CVE-2015-7181?

The vulnerability is rooted in the sec_asn1d_parse_leaf function within Mozilla Network Security Services (NSS), allowing unauthorized access to a specific data structure. This flaw can be exploited by remote attackers to induce a denial of service condition by triggering an application crash, or potentially execute arbitrary code by sending specially crafted OCTET STRING data, tied to a dangerous 'use-after-poison' scenario.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1034069

vdb-entryx_refsource_SECTRACK

https://bto.bluecoat.com/security-advisory/sa119

x_refsource_CONFIRM

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 5, 2015
Vulnerability Reserved
Sep 16, 2015