CVE-2015-7200

Mozilla Firefox <42.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

References (20)

Core 20
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3410
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77411
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2519.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1982.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3393
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034069
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1204155
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2785-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2819-1
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html

Scores

EPSS 0.0229
EPSS Percentile 84.9%

Details

CWE
CWE-17
Status published
Products (9)
mozilla/firefox 38.0
mozilla/firefox 38.0.1
mozilla/firefox 38.0.5
mozilla/firefox 38.1.0
mozilla/firefox 38.1.1
mozilla/firefox 38.2.0
mozilla/firefox 38.2.1
mozilla/firefox 38.3.0
mozilla/firefox < 41.0.2
Published Nov 05, 2015
Tracked Since Feb 18, 2026