Detections
Analytics
CVE-2015-7575
medium
Description
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
http://www.ubuntu.com/usn/USN-2884-1
http://www.securityfocus.com/bid/91787
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
https://security.netapp.com/advisory/ntap-20160225-0001/
https://security.gentoo.org/glsa/201801-15
https://security.gentoo.org/glsa/201706-18
https://security.gentoo.org/glsa/201701-46
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://access.redhat.com/errata/RHSA-2016:1430
http://www.ubuntu.com/usn/USN-2904-1
http://www.ubuntu.com/usn/USN-2866-1
http://www.ubuntu.com/usn/USN-2865-1
http://www.ubuntu.com/usn/USN-2864-1
http://www.ubuntu.com/usn/USN-2863-1
http://www.securitytracker.com/id/1036467
http://www.securitytracker.com/id/1034541
http://www.securityfocus.com/bid/79684
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.mozilla.org/security/announce/2015/mfsa2015-150.html
http://www.debian.org/security/2016/dsa-3688
http://www.debian.org/security/2016/dsa-3491
http://www.debian.org/security/2016/dsa-3465
http://www.debian.org/security/2016/dsa-3458
http://www.debian.org/security/2016/dsa-3457
http://www.debian.org/security/2016/dsa-3437
http://www.debian.org/security/2016/dsa-3436
http://rhn.redhat.com/errata/RHSA-2016-0056.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://rhn.redhat.com/errata/RHSA-2016-0054.html
http://rhn.redhat.com/errata/RHSA-2016-0053.html
http://rhn.redhat.com/errata/RHSA-2016-0050.html
http://rhn.redhat.com/errata/RHSA-2016-0049.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html