Oracle Solaris 11: CVE-2015-7183: Vulnerability in Firefox, Thunderbird
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | November 05, 2015 | May 29, 2017 | May 29, 2017 |
Description
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
References
Solution
oracle-solaris-11-3-upgrade-database-sqlite-3-3-9-2-0-175-3-8-0-2-0
Related Vulnerabilities
- Gentoo Linux: CVE-2015-7183: Mozilla Products: Multiple vulnerabilities
- Ubuntu: (Multiple Advisories) (CVE-2016-3606): OpenJDK 6 vulnerabilities
- Java CPU July 2016 Java SE, Java SE Embedded Libraries vulnerability (CVE-2016-3598)
- Red Hat: CVE-2016-2108: Important: openssl security update ((Multiple Advisories))
- HP-UX: CVE-2015-1793: OpenSSL Vulnerability (Alternative Chain Certificate Forgery)
- Ubuntu: USN-2959-1 (CVE-2016-2105): OpenSSL vulnerabilities
- Oracle Linux: (CVE-2016-3587) ELSA-2016-1458: java-1.8.0-openjdk security update
- Red Hat: CVE-2016-3521: Important: mariadb security update (RHSA-2016:1602)
- CentOS: (CVE-2016-3521) CESA-2016:1602: mariadb
- SUSE: CVE-2016-1978: SUSE Linux Security Advisory
- OS X update for Admin Framework (CVE-2015-4000)
- Amazon Linux AMI: CVE-2016-5440: Security patch for mysql55 ((Multiple Advisories))
- MFSA2015-70 SeaMonkey: NSS accepts export-length DHE keys with regular DHE cipher suites (CVE-2015-4000)
- Ubuntu: USN-2883-1 (CVE-2016-0701): OpenSSL vulnerability
- OS X update for apache (CVE-2015-1790)
- F5 Networks: K16864 (CVE-2015-2808): SSL/TLS RC4 vulnerability CVE-2015-2808
- Palo Alto Networks (Multiple Advisories) (CVE-2015-1792): OpenSSL Vulnerabilities
- Gentoo Linux: CVE-2015-3237: cURL: Multiple vulnerabilities
- SUSE: CVE-2015-5600: SUSE Linux Security Advisory
- Gentoo Linux: CVE-2016-1978: Mozilla Products: Multiple vulnerabilities
- HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1791): Linux and Windows, Multiple Vulnerabilities
- CentOS: (CVE-2016-0800) (Multiple Advisories): openssl098e
- SUSE: CVE-2016-3458: SUSE Linux Security Advisory
- Debian: CVE-2016-3521: mariadb-10.0 -- security update
- F5 Networks: K25075696 (CVE-2016-3500): Oracle Java vulnerability CVE-2016-3500
- Alpine Linux: CVE-2016-2106: openssl Multiple vulnerabilities
- OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Java CPU July 2016 Java SE, Java SE Embedded Hotspot vulnerability (CVE-2016-3550)
- SUSE: CVE-2016-3501: SUSE Linux Security Advisory
- Oracle Solaris 11: CVE-2015-3236: Vulnerability in libcurl
- Amazon Linux AMI: CVE-2016-3459: Security patch for mysql56 (ALAS-2016-737)
- F5 Networks: K31026324 (CVE-2015-8104): Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
- IBM AIX: java_april2015_advisory, rc4_advisory (CVE-2015-2808): Vulnerability in IBM Java SDK affects AIX
- Debian: CVE-2016-0797: openssl -- security update
- Oracle Solaris 11: CVE-2015-1788: Vulnerability in OpenSSL
- Debian: CVE-2015-7182: nss -- security update
- Huawei EulerOS: CVE-2016-4052: squid security update
- Huawei EulerOS: CVE-2016-3521: mariadb security update
- CentOS: (CVE-2016-3606) (Multiple Advisories): java-1.6.0-openjdk
- FreeBSD: FreeBSD -- Multiple OpenSSL vulnerabilities (FreeBSD-SA-16:12.openssl) (Multiple CVEs)
- Amazon Linux AMI: CVE-2016-0797: Security patch for openssl (ALAS-2016-661)
- Huawei EulerOS: CVE-2016-3610: java-1.7.0-openjdk security update
- MFSA2015-133 Firefox: NSS and NSPR memory corruption issues (CVE-2015-7182)
- Gentoo Linux: CVE-2015-0204: OpenSSL: Multiple vulnerabilities
- FreeBSD: node -- multiple vulnerabilities (Multiple CVEs)
- Apache HTTPD: mod_lua: Crash in websockets PING handling (CVE-2015-0228)
- Oracle Linux: (CVE-2016-2109) (Multiple Advisories): openssl security update
- Oracle Solaris 11: CVE-2016-5444: Vulnerability in MySQL
- Ubuntu: USN-3040-1 (CVE-2016-5437): MySQL vulnerabilities
- Amazon Linux AMI: CVE-2016-4051: Security patch for squid ((Multiple Advisories))
- Amazon Linux AMI: CVE-2016-4052: Security patch for squid (ALAS-2016-713)
- FreeBSD: openssl -- multiple vulnerabilities (FreeBSD-SA-15:26.openssl) (Multiple CVEs)
- FreeBSD: apache22 -- chunk header parsing defect (CVE-2015-3183)
- Ubuntu: USN-2830-1 (CVE-2015-3193): OpenSSL vulnerabilities
- Ubuntu: USN-2959-1 (CVE-2016-2106): OpenSSL vulnerabilities
- HP-UX: CVE-2015-1790: OpenSSL Vulnerability (PKCS7 crash with missing EnvelopedContent)
- Amazon Linux AMI: CVE-2016-3458: Security patch for java-1.6.0-openjdk ((Multiple Advisories))
- Oracle Linux: (CVE-2016-3550) (Multiple Advisories): java-1.6.0-openjdk security update
- Ubuntu: (Multiple Advisories) (CVE-2015-7181): Thunderbird vulnerabilities
- Gentoo Linux: CVE-2016-0799: OpenSSL: Multiple vulnerabilities
- SUSE: CVE-2016-3511: SUSE Linux Security Advisory
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products (CVE-2016-0701)
- SUSE: CVE-2015-0228: SUSE Linux Security Advisory
- SUSE: CVE-2015-7182: SUSE Linux Security Advisory
- Cisco ASA: CVE-2015-3194: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products December 2015 (cisco-sa-20151204-openssl)
- HP-UX: CVE-2015-1791: OpenSSL Vulnerability (Race condition handling NewSessionTicket)
- IBM AIX: openssl_advisory20 (CVE-2016-2108): Vulnerabilities in OpenSSL affects AIX
- Gentoo Linux: CVE-2016-3598: Oracle JRE/JDK: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2016-5469: Vulnerability in Kernel
- Apache Struts: CVE-2016-1182: XSS and denial of service
- F5 Networks: K16915 (CVE-2015-1792): OpenSSL vulnerability CVE-2015-1792
- SUSE: CVE-2016-0799: SUSE Linux Security Advisory
- Huawei EulerOS: CVE-2016-3452: mariadb security update
- Oracle Linux: (CVE-2016-3615) ELSA-2016-1602: mariadb security update
- Juniper Junos OS: 2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (JSA10681) (CVE-2015-4000)
- Red Hat: CVE-2016-2105: Important: openssl security update ((Multiple Advisories))
- F5 Networks: K16124 (CVE-2015-0206): OpenSSL vulnerability CVE-2015-0206
- Red Hat: CVE-2016-5440: Important: mariadb security update (RHSA-2016:1602)
- CentOS: (CVE-2016-4053) (Multiple Advisories): squid34
- Alpine Linux: CVE-2016-2105: openssl Multiple vulnerabilities
- OpenSSL PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
- MFSA2015-150 Thunderbird: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (CVE-2015-7575)
- HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1789): Linux and Windows, Multiple Vulnerabilities
- Red Hat: CVE-2016-2106: Important: openssl security update ((Multiple Advisories))
- Oracle MySQL Vulnerability: CVE-2016-3614
- Juniper Junos OS: 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] (JSA10851) (multiple CVEs)
- Amazon Linux AMI: CVE-2016-3452: Security patch for mysql55 (ALAS-2016-738)
- Sun Patch: SunOS 5.10: OpenSSL 0.9.7 patch
- OS X update for OpenSSL (CVE-2015-1791)
- Gentoo Linux: CVE-2016-2108: OpenSSL: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2016-5437: Vulnerability in MySQL
- Debian: CVE-2016-0798: openssl -- security update
- Oracle Linux: (CVE-2016-4052) (Multiple Advisories): squid security, bug fix, and enhancement update
- IBM WebSphere Application Server: CVE-2015-7575: IBM Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
- CentOS: (CVE-2015-7575) (Multiple Advisories): java-1.7.0-openjdk
- Gentoo Linux: CVE-2016-3511: Oracle JRE/JDK: Multiple vulnerabilities
- HP-UX: CVE-2015-0204: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.
- Oracle Solaris 11: CVE-2015-4000: Vulnerability in LFTP, OpenSSL, Thunderbird
- OS X update for LibreSSL (CVE-2016-2109)
- Oracle Solaris 11: CVE-2016-3614: Vulnerability in MySQL