CVE-2015-7183
Published: 4 November 2015
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
precise |
Released
(42.0+build2-0ubuntu0.12.04.1)
|
upstream |
Released
(42.0)
|
|
vivid |
Released
(42.0+build2-0ubuntu0.15.04.1)
|
|
wily |
Released
(42.0+build2-0ubuntu0.15.10.1)
|
|
xenial |
Released
(42.0+build2-0ubuntu1)
|
|
yakkety |
Released
(42.0+build2-0ubuntu1)
|
|
zesty |
Released
(42.0+build2-0ubuntu1)
|
|
trusty |
Released
(42.0+build2-0ubuntu0.14.04.1)
|
|
nspr Launchpad, Ubuntu, Debian |
precise |
Released
(4.10.10-0ubuntu0.12.04.1)
|
trusty |
Released
(2:4.10.10-0ubuntu0.14.04.1)
|
|
upstream |
Released
(4.10.10)
|
|
vivid |
Released
(2:4.10.10-0ubuntu0.15.04.1)
|
|
wily |
Released
(2:4.10.10-0ubuntu0.15.10.1)
|
|
xenial |
Not vulnerable
(2:4.10.10-1ubuntu1)
|
|
yakkety |
Not vulnerable
(2:4.10.10-1ubuntu1)
|
|
zesty |
Not vulnerable
(2:4.10.10-1ubuntu1)
|
|
Patches: upstream: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c upstream: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6 |
||
thunderbird Launchpad, Ubuntu, Debian |
upstream |
Released
(38.4.0)
|
vivid |
Released
(1:38.4.0+build3-0ubuntu0.15.04.1)
|
|
wily |
Released
(1:38.4.0+build3-0ubuntu0.15.10.1)
|
|
xenial |
Released
(1:38.4.0+build3-0ubuntu1)
|
|
yakkety |
Released
(1:38.4.0+build3-0ubuntu1)
|
|
zesty |
Released
(1:38.4.0+build3-0ubuntu1)
|
|
precise |
Released
(1:38.4.0+build3-0ubuntu0.12.04.1)
|
|
trusty |
Released
(1:38.4.0+build3-0ubuntu0.14.04.1)
|
|
virtualbox Launchpad, Ubuntu, Debian |
upstream |
Released
(5.0.14-dfsg-1)
|
vivid |
Released
(4.3.36-dfsg-1+deb8u1ubuntu1.15.04.1)
|
|
wily |
Released
(5.0.14-dfsg-0ubuntu1.15.10.1)
|
|
xenial |
Not vulnerable
(5.0.14-dfsg-1)
|
|
yakkety |
Not vulnerable
(5.0.14-dfsg-1)
|
|
zesty |
Not vulnerable
(5.0.14-dfsg-1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
- https://ubuntu.com/security/notices/USN-2790-1
- https://ubuntu.com/security/notices/USN-2785-1
- https://ubuntu.com/security/notices/USN-2819-1
- NVD
- Launchpad
- Debian