CVE-2015-2721 (retired)

Priority
Description
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla
Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1,
Thunderbird before 38.1, and other products, does not properly determine
state transitions for the TLS state machine, which allows man-in-the-middle
attackers to defeat cryptographic protection mechanisms by blocking
messages, as demonstrated by removing a forward-secrecy property by
blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
Notes
Package
Upstream:released (39.0)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (2:3.19.1-1)
Package
Priority: Low
Upstream:released (31.8)
More Information

Updated: 2019-10-09 07:52:37 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)