CVE-2015-7200
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
La implementación de la interfaz CryptoKey en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 carece de comprobación de estado, lo que permite a atacantes tener un impacto no especificado a través de vectores relacionados con una clave criptográfica.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-09-16 CVE Reserved
- 2015-11-05 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-17: DEPRECATED: Code
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/77411 | Vdb Entry | |
| http://www.securitytracker.com/id/1034069 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1204155 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 41.0.2 Search vendor "Mozilla" for product "Firefox" and version " <= 41.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.5 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.3.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.3.0" | - |
Affected
| ||||||