Vulnerability-Lookup

CVE-2015-7200 (GCVE-0-2015-7200)

Vulnerability from cvelistv5 – Published: 2015-11-05 02:00 – Updated: 2024-08-06 07:43

Summary

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://www.securitytracker.com/id/1034069	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3410	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://security.gentoo.org/glsa/201512-10	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/77411	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1204155	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-1…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-2519.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2785-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1982.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2819-1	vendor-advisoryx_refsource_UBUNTU
	http://www.mozilla.org/security/announce/2015/mfs…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2015/dsa-3393	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2015-1…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034069",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034069"
          },
          {
            "name": "DSA-3410",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3410"
          },
          {
            "name": "SUSE-SU-2015:2081",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "77411",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77411"
          },
          {
            "name": "SUSE-SU-2015:1981",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
          },
          {
            "name": "openSUSE-SU-2015:2229",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
          },
          {
            "name": "RHSA-2015:2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
          },
          {
            "name": "USN-2785-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2785-1"
          },
          {
            "name": "SUSE-SU-2015:1926",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "RHSA-2015:1982",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
          },
          {
            "name": "USN-2819-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2819-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
          },
          {
            "name": "openSUSE-SU-2015:1942",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
          },
          {
            "name": "DSA-3393",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3393"
          },
          {
            "name": "openSUSE-SU-2015:2245",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
          },
          {
            "name": "SUSE-SU-2015:1978",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "1034069",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034069"
        },
        {
          "name": "DSA-3410",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3410"
        },
        {
          "name": "SUSE-SU-2015:2081",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "77411",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77411"
        },
        {
          "name": "SUSE-SU-2015:1981",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
        },
        {
          "name": "openSUSE-SU-2015:2229",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
        },
        {
          "name": "RHSA-2015:2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
        },
        {
          "name": "USN-2785-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2785-1"
        },
        {
          "name": "SUSE-SU-2015:1926",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "RHSA-2015:1982",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
        },
        {
          "name": "USN-2819-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2819-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        },
        {
          "name": "openSUSE-SU-2015:1942",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
        },
        {
          "name": "DSA-3393",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3393"
        },
        {
          "name": "openSUSE-SU-2015:2245",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
        },
        {
          "name": "SUSE-SU-2015:1978",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7200",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034069",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034069"
            },
            {
              "name": "DSA-3410",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3410"
            },
            {
              "name": "SUSE-SU-2015:2081",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "77411",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77411"
            },
            {
              "name": "SUSE-SU-2015:1981",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
            },
            {
              "name": "openSUSE-SU-2015:2229",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
            },
            {
              "name": "RHSA-2015:2519",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
            },
            {
              "name": "USN-2785-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2785-1"
            },
            {
              "name": "SUSE-SU-2015:1926",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "RHSA-2015:1982",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
            },
            {
              "name": "USN-2819-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2819-1"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
            },
            {
              "name": "openSUSE-SU-2015:1942",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
            },
            {
              "name": "DSA-3393",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3393"
            },
            {
              "name": "openSUSE-SU-2015:2245",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
            },
            {
              "name": "SUSE-SU-2015:1978",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2015-7200",
    "datePublished": "2015-11-05T02:00:00.000Z",
    "dateReserved": "2015-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:43:45.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2015-AVI-461

Vulnerability from certfr_avis - Published: 2015-11-04 - Updated: 2015-11-04

De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Mozilla Firefox versions antérieures à 42
	Mozilla	Firefox	Mozilla Firefox ESR versions antérieures à 38.4

References

Title

Publication Time

FKIE_CVE-2015-7200

Vulnerability from fkie_nvd - Published: 2015-11-05 05:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2015-1982.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2015-2519.html
security@mozilla.org	http://www.debian.org/security/2015/dsa-3393
security@mozilla.org	http://www.debian.org/security/2015/dsa-3410
security@mozilla.org	http://www.mozilla.org/security/announce/2015/mfsa2015-131.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
security@mozilla.org	http://www.securityfocus.com/bid/77411
security@mozilla.org	http://www.securitytracker.com/id/1034069
security@mozilla.org	http://www.ubuntu.com/usn/USN-2785-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2819-1
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1204155
security@mozilla.org	https://security.gentoo.org/glsa/201512-10
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1982.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-2519.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3393
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3410
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2015/mfsa2015-131.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77411
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034069
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2785-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2819-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1204155
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201512-10

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	38.0
mozilla	firefox	38.0.1
mozilla	firefox	38.0.5
mozilla	firefox	38.1.0
mozilla	firefox	38.1.1
mozilla	firefox	38.2.0
mozilla	firefox	38.2.1
mozilla	firefox	38.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1",
              "versionEndIncluding": "41.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de la interfaz CryptoKey en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 carece de comprobaci\u00f3n de estado, lo que permite a atacantes tener un impacto no especificado a trav\u00e9s de vectores relacionados con una clave criptogr\u00e1fica."
    }
  ],
  "id": "CVE-2015-7200",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-05T05:59:24.280",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2015/dsa-3393"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2015/dsa-3410"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/77411"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1034069"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2785-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2819-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201512-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2785-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2819-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201512-10"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MHM4-C785-RP95

Vulnerability from github – Published: 2022-05-17 03:25 – Updated: 2022-05-17 03:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7200"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-11-05T05:59:00Z",
    "severity": "HIGH"
  },
  "details": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.",
  "id": "GHSA-mhm4-c785-rp95",
  "modified": "2022-05-17T03:25:49Z",
  "published": "2022-05-17T03:25:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7200"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201512-10"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3393"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3410"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77411"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034069"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2785-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2819-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-07417

Vulnerability from cnvd - Published: 2015-11-11

Title

Mozilla Firefox和Firefox ESR CryptoKey interface实现代码注入漏洞

Description

Mozilla Firefox是一款开源Web浏览器。Firefox ESR是Firefox的一个延长支持版本。 Mozilla Firefox的CryptoKey interface实现过程中存在安全漏洞，允许攻击者利用特殊的密钥进行拒绝服务攻击。

Severity

高

Patch Name

Mozilla Firefox和Firefox ESR CryptoKey interface实现代码注入漏洞的补丁

Patch Description

Mozilla Firefox是一款开源Web浏览器。Firefox ESR是Firefox的一个延长支持版本。 Mozilla Firefox的CryptoKey interface实现过程中存在安全漏洞，允许攻击者利用特殊的密钥进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/

Impacted products

Name
['Mozilla Firefox < 42.0', 'Mozilla Firefox ESR 38.x(<38.4)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7200"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Firefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox\u7684CryptoKey interface\u5b9e\u73b0\u8fc7\u7a0b\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u7279\u6b8a\u7684\u5bc6\u94a5\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Ronald Crane",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-131/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07417",
  "openTime": "2015-11-11",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Firefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\nMozilla Firefox\u7684CryptoKey interface\u5b9e\u73b0\u8fc7\u7a0b\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u7279\u6b8a\u7684\u5bc6\u94a5\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u548cFirefox ESR CryptoKey interface\u5b9e\u73b0\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c 42.0",
      "Mozilla Firefox ESR 38.x(\u003c38.4)"
    ]
  },
  "referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/",
  "serverity": "\u9ad8",
  "submitTime": "2015-11-07",
  "title": "Mozilla Firefox\u548cFirefox ESR CryptoKey interface\u5b9e\u73b0\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2015-7200

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7200

Aliases

CVE-2015-7200

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7200",
    "description": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.",
    "id": "GSD-2015-7200",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-7200.html",
      "https://www.debian.org/security/2015/dsa-3410",
      "https://www.debian.org/security/2015/dsa-3393",
      "https://access.redhat.com/errata/RHSA-2015:2519",
      "https://access.redhat.com/errata/RHSA-2015:1982",
      "https://ubuntu.com/security/CVE-2015-7200",
      "https://advisories.mageia.org/CVE-2015-7200.html",
      "https://linux.oracle.com/cve/CVE-2015-7200.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7200"
      ],
      "details": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.",
      "id": "GSD-2015-7200",
      "modified": "2023-12-13T01:20:01.392320Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2015-7200",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1034069",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034069"
          },
          {
            "name": "DSA-3410",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3410"
          },
          {
            "name": "SUSE-SU-2015:2081",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
          },
          {
            "name": "GLSA-201512-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "77411",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/77411"
          },
          {
            "name": "SUSE-SU-2015:1981",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
          },
          {
            "name": "openSUSE-SU-2015:2229",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
          },
          {
            "name": "RHSA-2015:2519",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
          },
          {
            "name": "USN-2785-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2785-1"
          },
          {
            "name": "SUSE-SU-2015:1926",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "RHSA-2015:1982",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
          },
          {
            "name": "USN-2819-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2819-1"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
          },
          {
            "name": "openSUSE-SU-2015:1942",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
          },
          {
            "name": "DSA-3393",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3393"
          },
          {
            "name": "openSUSE-SU-2015:2245",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
          },
          {
            "name": "SUSE-SU-2015:1978",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "41.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2015-7200"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-17"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1204155"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "77411",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/77411"
            },
            {
              "name": "SUSE-SU-2015:1926",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
            },
            {
              "name": "DSA-3410",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3410"
            },
            {
              "name": "GLSA-201512-10",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201512-10"
            },
            {
              "name": "openSUSE-SU-2015:1942",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
            },
            {
              "name": "RHSA-2015:2519",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html"
            },
            {
              "name": "DSA-3393",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3393"
            },
            {
              "name": "SUSE-SU-2015:1978",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
            },
            {
              "name": "openSUSE-SU-2015:2245",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
            },
            {
              "name": "USN-2785-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2785-1"
            },
            {
              "name": "USN-2819-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2819-1"
            },
            {
              "name": "openSUSE-SU-2015:2229",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
            },
            {
              "name": "SUSE-SU-2015:2081",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
            },
            {
              "name": "SUSE-SU-2015:1981",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
            },
            {
              "name": "RHSA-2015:1982",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html"
            },
            {
              "name": "1034069",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034069"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-07T18:23Z",
      "publishedDate": "2015-11-05T05:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7200 (GCVE-0-2015-7200)

CERTFR-2015-AVI-461

Solution

FKIE_CVE-2015-7200

GHSA-MHM4-C785-RP95

CNVD-2015-07417

GSD-2015-7200

Tags

Sightings

Nomenclature