[FREEBSD:10F7BC76-0335-4A88-B391-0B05B3A8CE1C] NSS -- MD5 downgrade in TLS 1.2 signatures
Severity
Medium
Affected Packages
4
CVEs
1
The Mozilla Project reports:
Security researcher Karthikeyan Bhargavan reported an
issue in Network Security Services (NSS) where MD5
signatures in the server signature within the TLS 1.2
ServerKeyExchange message are still accepted. This is an
issue since NSS has officially disallowed the accepting MD5
as a hash algorithm in signatures since 2011. This issues
exposes NSS based clients such as Firefox to theoretical
collision-based forgery attacks.
Package | Affected Version |
---|---|
pkg:freebsd/nss | < 3.20.2 |
pkg:freebsd/linux-thunderbird | < 38.5.1 |
pkg:freebsd/linux-seamonkey | < 2.40 |
pkg:freebsd/linux-firefox | < 43.0.2,1 |
- ID
- FREEBSD:10F7BC76-0335-4A88-B391-0B05B3A8CE1C
- Severity
- medium
- Severity from
- CVE-2015-7575
- URL
- http://vuxml.freebsd.org/freebsd/10f7bc76-0335-4a88-b391-0b05b3a8ce1c.html
- Published
-
2015-12-22T00:00:00
(8 years ago) - Modified
-
2015-12-28T00:00:00
(8 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS-2016-643
- ALAS-2016-645
- ALAS-2016-647
- ALAS-2016-651
- ALAS-2016-661
- DSA-3436-1
- DSA-3437-1
- DSA-3457-1
- DSA-3458-1
- DSA-3465-1
- DSA-3491-1
- DSA-3688-1
- ELSA-2016-0007
- ELSA-2016-0008
- ELSA-2016-0012
- ELSA-2016-0049
- ELSA-2016-0050
- ELSA-2016-0053
- ELSA-2016-0054
- GLSA-201605-06
- GLSA-201701-46
- GLSA-201706-18
- GLSA-201801-15
- RHSA-2016:0007
- RHSA-2016:0008
- RHSA-2016:0012
- RHSA-2016:0049
- RHSA-2016:0050
- RHSA-2016:0053
- RHSA-2016:0054
- RHSA-2016:0098
- RHSA-2016:0099
- RHSA-2016:0101
- SUSE-SU-2016:0149-1
- SUSE-SU-2016:0189-1
- SUSE-SU-2016:0256-1
- SUSE-SU-2016:0265-1
- SUSE-SU-2016:0269-1
- SUSE-SU-2016:0390-1
- SUSE-SU-2016:0399-1
- SUSE-SU-2016:0401-1
- SUSE-SU-2016:0428-1
- SUSE-SU-2016:0431-1
- SUSE-SU-2016:0433-1
- SUSE-SU-2016:0584-1
- SUSE-SU-2016:0636-1
- SUSE-SU-2016:0770-1
- USN-2863-1
- USN-2864-1
- USN-2865-1
- USN-2866-1
- USN-2884-1
- USN-2904-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://www.mozilla.org/security/advisories/mfsa2015-150/ | ||
FreeBSD VuXML | https://hg.mozilla.org/projects/nss/rev/94e1157f3fbb |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/nss | nss | < 3.20.2 | ||||
Affected | pkg:freebsd/linux-thunderbird | linux-thunderbird | < 38.5.1 | ||||
Affected | pkg:freebsd/linux-seamonkey | linux-seamonkey | < 2.40 | ||||
Affected | pkg:freebsd/linux-firefox | linux-firefox | < 43.0.2,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |