CVE-2015-7183
Publication date 4 November 2015
Last updated 24 July 2024
Ubuntu priority
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | ||
| 16.04 LTS xenial |
Fixed 42.0+build2-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 42.0+build2-0ubuntu0.14.04.1
|
|
| nspr | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Fixed 2:4.10.10-0ubuntu0.14.04.1
|
|
| thunderbird | ||
| 16.04 LTS xenial |
Fixed 1:38.4.0+build3-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 1:38.4.0+build3-0ubuntu0.14.04.1
|
|
| virtualbox | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Fixed 4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1
|
|
Patch details
| Package | Patch details |
|---|---|
| nspr |
References
Related Ubuntu Security Notices (USN)
- USN-2785-1
- Firefox vulnerabilities
- 4 November 2015
- USN-2819-1
- Thunderbird vulnerabilities
- 1 December 2015
- USN-2790-1
- NSPR vulnerability
- 4 November 2015