CVE-2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

• CWE-310

• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
• http://rhn.redhat.com/errata/RHSA-2015-1664.html
• http://rhn.redhat.com/errata/RHSA-2015-1699.html
• http://www.debian.org/security/2015/dsa-3336
• http://www.mozilla.org/security/announce/2015/mfsa2015-64.htmlVendor Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
• http://www.securityfocus.com/bid/75541
• http://www.securityfocus.com/bid/83399
• http://www.securitytracker.com/id/1032783
• http://www.ubuntu.com/usn/USN-2656-1
• http://www.ubuntu.com/usn/USN-2656-2
• http://www.ubuntu.com/usn/USN-2672-1
• https://bugzilla.mozilla.org/show_bug.cgi?id=1125025Issue Tracking
• https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notesVendor Advisory
• https://security.gentoo.org/glsa/201512-10
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
• http://rhn.redhat.com/errata/RHSA-2015-1664.html
• http://rhn.redhat.com/errata/RHSA-2015-1699.html
• http://www.debian.org/security/2015/dsa-3336
• http://www.mozilla.org/security/announce/2015/mfsa2015-64.htmlVendor Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
• http://www.securityfocus.com/bid/75541
• http://www.securityfocus.com/bid/83399
• http://www.securitytracker.com/id/1032783
• http://www.ubuntu.com/usn/USN-2656-1
• http://www.ubuntu.com/usn/USN-2656-2
• http://www.ubuntu.com/usn/USN-2672-1
• https://bugzilla.mozilla.org/show_bug.cgi?id=1125025Issue Tracking
• https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notesVendor Advisory
• https://security.gentoo.org/glsa/201512-10

Published

Jul 6, 2015

Last Modified

Jun 17, 2026

Status

Modified