CVE-2015-7200

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

Published: Nov 5, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-7200
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-17

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	41.0.2.x
mozilla / firefox_esr	38.0	38.0.x
mozilla / firefox_esr	38.2.1	38.2.1.x
mozilla / firefox_esr	38.1.0	38.1.0.x
mozilla / firefox_esr	38.2.0	38.2.0.x
mozilla / firefox_esr	38.3.0	38.3.0.x
mozilla / firefox_esr	38.0.5	38.0.5.x
mozilla / firefox_esr	38.0.1	38.0.1.x
mozilla / firefox_esr	38.1.1	38.1.1.x

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
http://rhn.redhat.com/errata/RHSA-2015-1982.html
http://rhn.redhat.com/errata/RHSA-2015-2519.html
http://www.debian.org/security/2015/dsa-3393
http://www.debian.org/security/2015/dsa-3410
http://www.mozilla.org/security/announce/2015/mfsa2015-131.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77411
http://www.securitytracker.com/id/1034069
http://www.ubuntu.com/usn/USN-2785-1
http://www.ubuntu.com/usn/USN-2819-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1204155
https://security.gentoo.org/glsa/201512-10

Vulnerability Database

CVE-2015-7200