{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-12-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-01-15T10:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"DSA-3688","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3688"},{"name":"DSA-3457","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3457"},{"name":"DSA-3491","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3491"},{"name":"openSUSE-SU-2016:0272","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"},{"name":"1036467","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1036467"},{"name":"GLSA-201701-46","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201701-46"},{"name":"openSUSE-SU-2016:0279","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"},{"name":"openSUSE-SU-2016:0161","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"name":"USN-2884-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2884-1"},{"name":"79684","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/79684"},{"name":"DSA-3465","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3465"},{"tags":["x_refsource_CONFIRM"],"url":"https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"name":"RHSA-2016:1430","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"},{"name":"RHSA-2016:0049","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0049.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"name":"openSUSE-SU-2016:0270","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"},{"name":"openSUSE-SU-2016:0308","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"},{"name":"DSA-3437","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3437"},{"name":"RHSA-2016:0053","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0053.html"},{"name":"USN-2904-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2904-1"},{"name":"openSUSE-SU-2015:2405","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20160225-0001/"},{"name":"SUSE-SU-2016:0269","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"},{"name":"DSA-3436","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3436"},{"name":"openSUSE-SU-2016:0263","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"},{"name":"USN-2866-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2866-1"},{"name":"SUSE-SU-2016:0256","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"name":"91787","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/91787"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"},{"name":"RHSA-2016:0055","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0055.html"},{"name":"GLSA-201801-15","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201801-15"},{"name":"RHSA-2016:0054","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0054.html"},{"name":"openSUSE-SU-2016:0488","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"},{"name":"GLSA-201706-18","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201706-18"},{"name":"USN-2864-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2864-1"},{"name":"openSUSE-SU-2016:0162","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"},{"name":"openSUSE-SU-2016:0605","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"},{"name":"RHSA-2016:0056","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0056.html"},{"name":"openSUSE-SU-2016:0268","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"},{"name":"openSUSE-SU-2016:0307","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"},{"name":"RHSA-2016:0050","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0050.html"},{"name":"DSA-3458","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3458"},{"name":"SUSE-SU-2016:0265","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"},{"name":"USN-2865-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2865-1"},{"name":"1034541","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1034541"},{"name":"openSUSE-SU-2016:0007","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"},{"name":"USN-2863-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2863-1"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T07:51:28.586Z"},"title":"CVE Program Container","references":[{"name":"DSA-3688","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3688"},{"name":"DSA-3457","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3457"},{"name":"DSA-3491","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3491"},{"name":"openSUSE-SU-2016:0272","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"},{"name":"1036467","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1036467"},{"name":"GLSA-201701-46","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201701-46"},{"name":"openSUSE-SU-2016:0279","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"},{"name":"openSUSE-SU-2016:0161","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"name":"USN-2884-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2884-1"},{"name":"79684","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/79684"},{"name":"DSA-3465","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3465"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"name":"RHSA-2016:1430","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"},{"name":"RHSA-2016:0049","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0049.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"name":"openSUSE-SU-2016:0270","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"},{"name":"openSUSE-SU-2016:0308","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"},{"name":"DSA-3437","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3437"},{"name":"RHSA-2016:0053","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0053.html"},{"name":"USN-2904-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2904-1"},{"name":"openSUSE-SU-2015:2405","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20160225-0001/"},{"name":"SUSE-SU-2016:0269","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"},{"name":"DSA-3436","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3436"},{"name":"openSUSE-SU-2016:0263","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"},{"name":"USN-2866-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2866-1"},{"name":"SUSE-SU-2016:0256","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"name":"91787","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/91787"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"},{"name":"RHSA-2016:0055","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0055.html"},{"name":"GLSA-201801-15","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201801-15"},{"name":"RHSA-2016:0054","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0054.html"},{"name":"openSUSE-SU-2016:0488","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"},{"name":"GLSA-201706-18","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201706-18"},{"name":"USN-2864-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2864-1"},{"name":"openSUSE-SU-2016:0162","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"},{"name":"openSUSE-SU-2016:0605","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"},{"name":"RHSA-2016:0056","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0056.html"},{"name":"openSUSE-SU-2016:0268","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"},{"name":"openSUSE-SU-2016:0307","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"},{"name":"RHSA-2016:0050","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0050.html"},{"name":"DSA-3458","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3458"},{"name":"SUSE-SU-2016:0265","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"},{"name":"USN-2865-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2865-1"},{"name":"1034541","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1034541"},{"name":"openSUSE-SU-2016:0007","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"},{"name":"USN-2863-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2863-1"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2015-7575","datePublished":"2016-01-09T02:00:00.000Z","dateReserved":"2015-09-29T00:00:00.000Z","dateUpdated":"2024-08-06T07:51:28.586Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}