CVE-2015-2721

Priority
Description
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla
Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1,
Thunderbird before 38.1, and other products, does not properly determine
state transitions for the TLS state machine, which allows man-in-the-middle
attackers to defeat cryptographic protection mechanisms by blocking
messages, as demonstrated by removing a forward-secrecy property by
blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
Notes
Package
Upstream:released (39.0)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [39.0+build5-0ubuntu0.14.04.1])
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (2:3.19.1-1)
Ubuntu 14.04 ESM (Trusty Tahr):released (2:3.19.2-0ubuntu0.14.04.1)
Package
Priority: Low
Upstream:released (31.8)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1])
More Information

Updated: 2020-03-18 22:38:07 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)