nss: Several vulnerabilities (CVE-2015-2721, CVE-2015-2730)
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla
Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before
38.1,
Thunderbird before 38.1, and other products, does not properly determine
state transitions for the TLS state machine, which allows
man-in-the-middle attackers to defeat cryptographic protection
mechanisms by blocking messages, as demonstrated by removing a
forward-secrecy property
by blocking a ServerKeyExchange message, aka a “SMACK SKIP-TLS” issue.
References:
https://security-tracker.debian.org/tracker/CVE-2015-2721
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2721
http://www.mozilla.org/security/announce/2015/mfsa2015-64.html
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-2721
Upstream commits:
NSS patch: https://hg.mozilla.org/projects/nss/rev/6b4770c76bc8
NSS testcase: https://hg.mozilla.org/projects/nss/rev/1865635f5df5
https://hg.mozilla.org/projects/nss/rev/2c05e861ce07
https://hg.mozilla.org/projects/nss/rev/fc6870938172
This issue was fixed in NSS version 3.19.1.
(from redmine: issue id 4718, created on 2015-10-02, closed on 2015-12-02)
- Relations:
- child #4719 (closed)
- child #4720 (closed)
- child #4721 (closed)