Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-7181

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

Related bugs and status

CVE-2015-7181 (Candidate) is related to these bugs:

Bug #1522411: Chromium in Ubuntu still to version 45.0.2454.101 not update to version 46.0.2490.71 as Debian Chromium present version.

Summary				In	Importance	Status
	1522411	Chromium in Ubuntu still to version 45.0.2454.101 not update to version 46.0.2490.71 as Debian Chromium present version.		chromium-browser (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://developer.mozi...
CONFIRM: https://developer.mozi...
CONFIRM: https://developer.mozi...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 91787
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 77416
GENTOO: GLSA-201605-06
CONFIRM: https://bto.bluecoat.c...
MISC: http://packetstormsecu...
DEBIAN: DSA-3410
DEBIAN: DSA-3393
GENTOO: GLSA-201512-10
REDHAT: RHSA-2015:1980
REDHAT: RHSA-2015:1981
SUSE: openSUSE-SU-2015:2229
SUSE: openSUSE-SU-2015:2245
SUSE: SUSE-SU-2015:1926
SUSE: openSUSE-SU-2015:1942
SUSE: SUSE-SU-2015:1978
SUSE: SUSE-SU-2015:1981
SUSE: SUSE-SU-2015:2081
UBUNTU: USN-2819-1
UBUNTU: USN-2785-1
UBUNTU: USN-2791-1
SECTRACK: 1034069
SLACKWARE: SSA:2015-310-02
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3688