Back to search

Oracle Solaris 11: CVE-2015-7183: Vulnerability in Firefox, Thunderbird

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	November 05, 2015	May 29, 2017	May 29, 2017

Description

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

BID-77415
BID-91787
CVE-2015-7183
DEBIAN-DSA-3393
DEBIAN-DSA-3406
REDHAT-RHSA-2015:1980
REDHAT-RHSA-2015:1981
URL: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Solution

oracle-solaris-11-3-upgrade-database-sqlite-3-3-9-2-0-175-3-8-0-2-0

Related Vulnerabilities

Gentoo Linux: CVE-2015-7183: Mozilla Products: Multiple vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2016-3606): OpenJDK 6 vulnerabilities
Java CPU July 2016 Java SE, Java SE Embedded Libraries vulnerability (CVE-2016-3598)
Red Hat: CVE-2016-2108: Important: openssl security update ((Multiple Advisories))
HP-UX: CVE-2015-1793: OpenSSL Vulnerability (Alternative Chain Certificate Forgery)
Ubuntu: USN-2959-1 (CVE-2016-2105): OpenSSL vulnerabilities
Oracle Linux: (CVE-2016-3587) ELSA-2016-1458: java-1.8.0-openjdk security update
Red Hat: CVE-2016-3521: Important: mariadb security update (RHSA-2016:1602)
CentOS: (CVE-2016-3521) CESA-2016:1602: mariadb
SUSE: CVE-2016-1978: SUSE Linux Security Advisory
OS X update for Admin Framework (CVE-2015-4000)
Amazon Linux AMI: CVE-2016-5440: Security patch for mysql55 ((Multiple Advisories))
MFSA2015-70 SeaMonkey: NSS accepts export-length DHE keys with regular DHE cipher suites (CVE-2015-4000)
Ubuntu: USN-2883-1 (CVE-2016-0701): OpenSSL vulnerability
OS X update for apache (CVE-2015-1790)
F5 Networks: K16864 (CVE-2015-2808): SSL/TLS RC4 vulnerability CVE-2015-2808
Palo Alto Networks (Multiple Advisories) (CVE-2015-1792): OpenSSL Vulnerabilities
Gentoo Linux: CVE-2015-3237: cURL: Multiple vulnerabilities
SUSE: CVE-2015-5600: SUSE Linux Security Advisory
Gentoo Linux: CVE-2016-1978: Mozilla Products: Multiple vulnerabilities
HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1791): Linux and Windows, Multiple Vulnerabilities
CentOS: (CVE-2016-0800) (Multiple Advisories): openssl098e
SUSE: CVE-2016-3458: SUSE Linux Security Advisory
Debian: CVE-2016-3521: mariadb-10.0 -- security update
F5 Networks: K25075696 (CVE-2016-3500): Oracle Java vulnerability CVE-2016-3500
Alpine Linux: CVE-2016-2106: openssl Multiple vulnerabilities
OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Java CPU July 2016 Java SE, Java SE Embedded Hotspot vulnerability (CVE-2016-3550)
SUSE: CVE-2016-3501: SUSE Linux Security Advisory
Oracle Solaris 11: CVE-2015-3236: Vulnerability in libcurl
Amazon Linux AMI: CVE-2016-3459: Security patch for mysql56 (ALAS-2016-737)
F5 Networks: K31026324 (CVE-2015-8104): Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
IBM AIX: java_april2015_advisory, rc4_advisory (CVE-2015-2808): Vulnerability in IBM Java SDK affects AIX
Debian: CVE-2016-0797: openssl -- security update
Oracle Solaris 11: CVE-2015-1788: Vulnerability in OpenSSL
Debian: CVE-2015-7182: nss -- security update
Huawei EulerOS: CVE-2016-4052: squid security update
Huawei EulerOS: CVE-2016-3521: mariadb security update
CentOS: (CVE-2016-3606) (Multiple Advisories): java-1.6.0-openjdk
FreeBSD: FreeBSD -- Multiple OpenSSL vulnerabilities (FreeBSD-SA-16:12.openssl) (Multiple CVEs)
Amazon Linux AMI: CVE-2016-0797: Security patch for openssl (ALAS-2016-661)
Huawei EulerOS: CVE-2016-3610: java-1.7.0-openjdk security update
MFSA2015-133 Firefox: NSS and NSPR memory corruption issues (CVE-2015-7182)
Gentoo Linux: CVE-2015-0204: OpenSSL: Multiple vulnerabilities
FreeBSD: node -- multiple vulnerabilities (Multiple CVEs)
Apache HTTPD: mod_lua: Crash in websockets PING handling (CVE-2015-0228)
Oracle Linux: (CVE-2016-2109) (Multiple Advisories): openssl security update
Oracle Solaris 11: CVE-2016-5444: Vulnerability in MySQL
Ubuntu: USN-3040-1 (CVE-2016-5437): MySQL vulnerabilities
Amazon Linux AMI: CVE-2016-4051: Security patch for squid ((Multiple Advisories))
Amazon Linux AMI: CVE-2016-4052: Security patch for squid (ALAS-2016-713)
FreeBSD: openssl -- multiple vulnerabilities (FreeBSD-SA-15:26.openssl) (Multiple CVEs)
FreeBSD: apache22 -- chunk header parsing defect (CVE-2015-3183)
Ubuntu: USN-2830-1 (CVE-2015-3193): OpenSSL vulnerabilities
Ubuntu: USN-2959-1 (CVE-2016-2106): OpenSSL vulnerabilities
HP-UX: CVE-2015-1790: OpenSSL Vulnerability (PKCS7 crash with missing EnvelopedContent)
Amazon Linux AMI: CVE-2016-3458: Security patch for java-1.6.0-openjdk ((Multiple Advisories))
Oracle Linux: (CVE-2016-3550) (Multiple Advisories): java-1.6.0-openjdk security update
Ubuntu: (Multiple Advisories) (CVE-2015-7181): Thunderbird vulnerabilities
Gentoo Linux: CVE-2016-0799: OpenSSL: Multiple vulnerabilities
SUSE: CVE-2016-3511: SUSE Linux Security Advisory
Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products (CVE-2016-0701)
SUSE: CVE-2015-0228: SUSE Linux Security Advisory
SUSE: CVE-2015-7182: SUSE Linux Security Advisory
Cisco ASA: CVE-2015-3194: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products December 2015 (cisco-sa-20151204-openssl)
HP-UX: CVE-2015-1791: OpenSSL Vulnerability (Race condition handling NewSessionTicket)
IBM AIX: openssl_advisory20 (CVE-2016-2108): Vulnerabilities in OpenSSL affects AIX
Gentoo Linux: CVE-2016-3598: Oracle JRE/JDK: Multiple vulnerabilities
Oracle Solaris 11: CVE-2016-5469: Vulnerability in Kernel
Apache Struts: CVE-2016-1182: XSS and denial of service
F5 Networks: K16915 (CVE-2015-1792): OpenSSL vulnerability CVE-2015-1792
SUSE: CVE-2016-0799: SUSE Linux Security Advisory
Huawei EulerOS: CVE-2016-3452: mariadb security update
Oracle Linux: (CVE-2016-3615) ELSA-2016-1602: mariadb security update
Juniper Junos OS: 2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (JSA10681) (CVE-2015-4000)
Red Hat: CVE-2016-2105: Important: openssl security update ((Multiple Advisories))
F5 Networks: K16124 (CVE-2015-0206): OpenSSL vulnerability CVE-2015-0206
Red Hat: CVE-2016-5440: Important: mariadb security update (RHSA-2016:1602)
CentOS: (CVE-2016-4053) (Multiple Advisories): squid34
Alpine Linux: CVE-2016-2105: openssl Multiple vulnerabilities
OpenSSL PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
MFSA2015-150 Thunderbird: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (CVE-2015-7575)
HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1789): Linux and Windows, Multiple Vulnerabilities
Red Hat: CVE-2016-2106: Important: openssl security update ((Multiple Advisories))
Oracle MySQL Vulnerability: CVE-2016-3614
Juniper Junos OS: 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] (JSA10851) (multiple CVEs)
Amazon Linux AMI: CVE-2016-3452: Security patch for mysql55 (ALAS-2016-738)
Sun Patch: SunOS 5.10: OpenSSL 0.9.7 patch
OS X update for OpenSSL (CVE-2015-1791)
Gentoo Linux: CVE-2016-2108: OpenSSL: Multiple vulnerabilities
Oracle Solaris 11: CVE-2016-5437: Vulnerability in MySQL
Debian: CVE-2016-0798: openssl -- security update
Oracle Linux: (CVE-2016-4052) (Multiple Advisories): squid security, bug fix, and enhancement update
IBM WebSphere Application Server: CVE-2015-7575: IBM Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
CentOS: (CVE-2015-7575) (Multiple Advisories): java-1.7.0-openjdk
Gentoo Linux: CVE-2016-3511: Oracle JRE/JDK: Multiple vulnerabilities
HP-UX: CVE-2015-0204: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Oracle Solaris 11: CVE-2015-4000: Vulnerability in LFTP, OpenSSL, Thunderbird
OS X update for LibreSSL (CVE-2016-2109)
Oracle Solaris 11: CVE-2016-3614: Vulnerability in MySQL

Vulnerability & Exploit Database

Oracle Solaris 11: CVE-2015-7183: Vulnerability in Firefox, Thunderbird

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

Oracle Solaris 11: CVE-2015-7183: Vulnerability in Firefox, Thunderbird

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: