icon

We found results for “

CVE-2015-7575

Good to know:

icon

Date: January 8, 2016

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Language: C

Severity Score

Related Resources (56)

Severity Score

Weakness Type (CWE)

Data Handling

CWE-19

Top Fix

icon

Upgrade Version

Upgrade to version Mozilla Network Security Services - 3.20.2;Mozilla Firefox - 43.0.2;Firefox ESR - 38.5.2

Learn More

CVSS v3

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us