QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2015-2721

Back to search

CVE-2015-2721

Published: Jul 6, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.

VendorProductVersions

n/a

n/a

affected
n/a

References

openSUSE-SU-2015:1229
vendor-advisory
x_refsource_SUSE
SUSE-SU-2015:1268
vendor-advisory
x_refsource_SUSE
83398
vdb-entry
x_refsource_BID
GLSA-201512-10
vendor-advisory
x_refsource_GENTOO
GLSA-201701-46
vendor-advisory
x_refsource_GENTOO
DSA-3336
vendor-advisory
x_refsource_DEBIAN
75541
vdb-entry
x_refsource_BID
RHSA-2015:1185
vendor-advisory
x_refsource_REDHAT
DSA-3324
vendor-advisory
x_refsource_DEBIAN
USN-2672-1
vendor-advisory
x_refsource_UBUNTU
USN-2673-1
vendor-advisory
x_refsource_UBUNTU
1032784
vdb-entry
x_refsource_SECTRACK
SUSE-SU-2015:1269
vendor-advisory
x_refsource_SUSE
91787
vdb-entry
x_refsource_BID
openSUSE-SU-2015:1266
vendor-advisory
x_refsource_SUSE
RHSA-2015:1664
vendor-advisory
x_refsource_REDHAT
USN-2656-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2015:1449
vendor-advisory
x_refsource_SUSE
https://smacktls.com
x_refsource_MISC
1032783
vdb-entry
x_refsource_SECTRACK
USN-2656-2
vendor-advisory
x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now