CVE-2015-7575

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-7575

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-7575.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-7575

Downstream

DEBIAN-CVE-2015-7575

DLA-410-1

DSA-3436-1

DSA-3437-1

DSA-3457-1

DSA-3458-1

DSA-3465-1

DSA-3491-1

DSA-3688-1

RHSA-2016:0007

RHSA-2016:0008

RHSA-2016:0012

RHSA-2016:0049

RHSA-2016:0050

RHSA-2016:0053

RHSA-2016:0054

RHSA-2016:0055

RHSA-2016:0056

RHSA-2016:0098

RHSA-2016:0099

RHSA-2016:0100

RHSA-2016:0101

RHSA-2016:1430

SUSE-SU-2016:0149-1

SUSE-SU-2016:0189-1

SUSE-SU-2016:0256-1

SUSE-SU-2016:0265-1

SUSE-SU-2016:0269-1

SUSE-SU-2016:0390-1

SUSE-SU-2016:0399-1

SUSE-SU-2016:0401-1

SUSE-SU-2016:0428-1

SUSE-SU-2016:0431-1

SUSE-SU-2016:0433-1

SUSE-SU-2016:0584-1

SUSE-SU-2016:0636-1

SUSE-SU-2016:0770-1

UBUNTU-CVE-2015-7575

USN-2864-1

USN-2865-1

USN-2866-1

USN-2884-1

USN-2904-1

openSUSE-SU-2024:10071-1

openSUSE-SU-2024:10088-1

openSUSE-SU-2024:10197-1

openSUSE-SU-2024:10218-1

openSUSE-SU-2024:10230-1

openSUSE-SU-2024:10451-1

openSUSE-SU-2024:10486-1

openSUSE-SU-2024:10534-1

openSUSE-SU-2024:12903-1

openSUSE-SU-2024:14572-1

Related

Published

2016-01-09T02:59:10Z

Modified

2025-08-09T19:01:28Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

References

Affected packages