Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.806952
Category:General
Title:Mozilla Firefox Spoofing Vulnerability - Jan16 (Windows)
Summary:Mozilla Firefox is prone to a spoofing vulnerability.
Description:Summary:
Mozilla Firefox is prone to a spoofing vulnerability.

Vulnerability Insight:
The flaw exists due to
Network Security Services (NSS) does not reject MD5 signatures in Server Key
Exchange messages in TLS 1.2 Handshake Protocol traffic.

Vulnerability Impact:
Successful exploitation will allow
man-in-the-middle attackers to spoof servers by triggering a collision.

Affected Software/OS:
Mozilla Firefox version before 43.0.2 on
Windows.

Solution:
Upgrade to Mozilla Firefox version 43.0.2
or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-7575
BugTraq ID: 79684
http://www.securityfocus.com/bid/79684
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3436 (Google Search)
http://www.debian.org/security/2016/dsa-3436
Debian Security Information: DSA-3437 (Google Search)
http://www.debian.org/security/2016/dsa-3437
Debian Security Information: DSA-3457 (Google Search)
http://www.debian.org/security/2016/dsa-3457
Debian Security Information: DSA-3458 (Google Search)
http://www.debian.org/security/2016/dsa-3458
Debian Security Information: DSA-3465 (Google Search)
http://www.debian.org/security/2016/dsa-3465
Debian Security Information: DSA-3491 (Google Search)
http://www.debian.org/security/2016/dsa-3491
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201701-46
https://security.gentoo.org/glsa/201706-18
https://security.gentoo.org/glsa/201801-15
RedHat Security Advisories: RHSA-2016:0049
http://rhn.redhat.com/errata/RHSA-2016-0049.html
RedHat Security Advisories: RHSA-2016:0050
http://rhn.redhat.com/errata/RHSA-2016-0050.html
RedHat Security Advisories: RHSA-2016:0053
http://rhn.redhat.com/errata/RHSA-2016-0053.html
RedHat Security Advisories: RHSA-2016:0054
http://rhn.redhat.com/errata/RHSA-2016-0054.html
RedHat Security Advisories: RHSA-2016:0055
http://rhn.redhat.com/errata/RHSA-2016-0055.html
RedHat Security Advisories: RHSA-2016:0056
http://rhn.redhat.com/errata/RHSA-2016-0056.html
RedHat Security Advisories: RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2016:1430
http://www.securitytracker.com/id/1034541
http://www.securitytracker.com/id/1036467
SuSE Security Announcement: SUSE-SU-2016:0256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
SuSE Security Announcement: SUSE-SU-2016:0265 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
SuSE Security Announcement: SUSE-SU-2016:0269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
SuSE Security Announcement: openSUSE-SU-2015:2405 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html
SuSE Security Announcement: openSUSE-SU-2016:0007 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2016:0161 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html
SuSE Security Announcement: openSUSE-SU-2016:0162 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html
SuSE Security Announcement: openSUSE-SU-2016:0263 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:0268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
SuSE Security Announcement: openSUSE-SU-2016:0270 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
SuSE Security Announcement: openSUSE-SU-2016:0272 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:0279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
SuSE Security Announcement: openSUSE-SU-2016:0488 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html
SuSE Security Announcement: openSUSE-SU-2016:0605 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
http://www.ubuntu.com/usn/USN-2863-1
http://www.ubuntu.com/usn/USN-2864-1
http://www.ubuntu.com/usn/USN-2865-1
http://www.ubuntu.com/usn/USN-2866-1
http://www.ubuntu.com/usn/USN-2884-1
http://www.ubuntu.com/usn/USN-2904-1
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.