{"id":"USN-2656-1","summary":"firefox vulnerabilities","details":"Karthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able to\nperform a machine-in-the-middle attack, this flaw could be exploited to skip\nthe ServerKeyExchange message and remove the forward-secrecy property.\n(CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2722,\nCVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence\nCole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru\nFujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2724,\nCVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse\nand key combinations could allow a Chrome privileged URL to be opened\nwithout context restrictions being preserved. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve\nCryptography (ECC) multiplication. A remote attacker could possibly use\nthis issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to\nremove a DOM object. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with the\npriviliges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\nCVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an\noverridable certificate error occurs. This allows a user to manually\noverride an error for a fake certificate, but cannot be exploited on its\nown. (CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly\nexecuted with a high privilege. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this in\ncombination with another security vulnerability, to execute arbitrary code\nin a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM\ncould force a server to downgrade TLS connections to 512-bit export-grade\ncryptography. An attacker could potentially exploit this to impersonate\nthe server. (CVE-2015-4000)\n","modified":"2026-02-10T04:40:54Z","published":"2015-07-09T20:16:09Z","related":["UBUNTU-CVE-2015-2721","UBUNTU-CVE-2015-2722","UBUNTU-CVE-2015-2724","UBUNTU-CVE-2015-2725","UBUNTU-CVE-2015-2726","UBUNTU-CVE-2015-2727","UBUNTU-CVE-2015-2728","UBUNTU-CVE-2015-2729","UBUNTU-CVE-2015-2730","UBUNTU-CVE-2015-2731","UBUNTU-CVE-2015-2733","UBUNTU-CVE-2015-2734","UBUNTU-CVE-2015-2735","UBUNTU-CVE-2015-2736","UBUNTU-CVE-2015-2737","UBUNTU-CVE-2015-2738","UBUNTU-CVE-2015-2739","UBUNTU-CVE-2015-2740","UBUNTU-CVE-2015-2741","UBUNTU-CVE-2015-2743","UBUNTU-CVE-2015-4000"],"upstream":["CVE-2015-2721","CVE-2015-2722","CVE-2015-2724","CVE-2015-2725","CVE-2015-2726","CVE-2015-2727","CVE-2015-2728","CVE-2015-2729","CVE-2015-2730","CVE-2015-2731","CVE-2015-2733","CVE-2015-2734","CVE-2015-2735","CVE-2015-2736","CVE-2015-2737","CVE-2015-2738","CVE-2015-2739","CVE-2015-2740","CVE-2015-2741","CVE-2015-2743","CVE-2015-4000","UBUNTU-CVE-2015-2721","UBUNTU-CVE-2015-2722","UBUNTU-CVE-2015-2724","UBUNTU-CVE-2015-2725","UBUNTU-CVE-2015-2726","UBUNTU-CVE-2015-2727","UBUNTU-CVE-2015-2728","UBUNTU-CVE-2015-2729","UBUNTU-CVE-2015-2730","UBUNTU-CVE-2015-2731","UBUNTU-CVE-2015-2733","UBUNTU-CVE-2015-2734","UBUNTU-CVE-2015-2735","UBUNTU-CVE-2015-2736","UBUNTU-CVE-2015-2737","UBUNTU-CVE-2015-2738","UBUNTU-CVE-2015-2739","UBUNTU-CVE-2015-2740","UBUNTU-CVE-2015-2741","UBUNTU-CVE-2015-2743","UBUNTU-CVE-2015-4000"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2656-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2721"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2722"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2724"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2725"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2726"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2727"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2728"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2729"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2730"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2731"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2733"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2734"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2735"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2736"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2737"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2738"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2739"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2740"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2741"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2743"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4000"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"39.0+build5-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1","36.0+build2-0ubuntu0.14.04.4","36.0.1+build2-0ubuntu0.14.04.1","36.0.4+build1-0ubuntu0.14.04.1","37.0+build2-0ubuntu0.14.04.1","37.0.1+build1-0ubuntu0.14.04.1","37.0.2+build1-0ubuntu0.14.04.1","38.0+build3-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"39.0+build5-0ubuntu0.14.04.1","binary_name":"firefox"},{"binary_version":"39.0+build5-0ubuntu0.14.04.1","binary_name":"firefox-dev"},{"binary_version":"39.0+build5-0ubuntu0.14.04.1","binary_name":"firefox-globalmenu"},{"binary_version":"39.0+build5-0ubuntu0.14.04.1","binary_name":"firefox-mozsymbols"},{"binary_version":"39.0+build5-0ubuntu0.14.04.1","binary_name":"firefox-testsuite"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2656-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2721"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2722"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2724"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2725"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2726"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2727"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2728"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2729"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2730"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2731"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2733"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2734"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2735"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2736"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2737"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2738"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2739"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2740"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2741"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2743"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-4000"}]}}}],"schema_version":"1.7.3"}