) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Keyword (text search): cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- CPE Name Search: true
There are 721 matching records.
Displaying matches 721 through 721.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-2721 |
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Published: July 05, 2015; 10:00:49 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |