CVE-2015-2721 (retired)

Priority
Description
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla
Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1,
Thunderbird before 38.1, and other products, does not properly determine
state transitions for the TLS state machine, which allows man-in-the-middle
attackers to defeat cryptographic protection mechanisms by blocking
messages, as demonstrated by removing a forward-secrecy property by
blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
Package
Upstream:released (39.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (39.0+build5-0ubuntu0.14.04.1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (2:3.19.1-1)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.19.2-0ubuntu0.14.04.1)
Package
Priority: Low
Upstream:released (31.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.8.0+build1-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:14:53 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)