CVE-2015-7182
📋 TL;DR
A heap-based buffer overflow vulnerability in Mozilla NSS's ASN.1 decoder allows remote attackers to crash applications or potentially execute arbitrary code via specially crafted OCTET STRING data. This affects Firefox, Firefox ESR, and any software using vulnerable versions of NSS. The high CVSS score indicates critical severity with network-accessible attack vectors.
💻 Affected Systems
- Firefox
- Firefox ESR
- Mozilla NSS
- Other products using NSS for cryptography
📦 What is this software?
Firefox by Mozilla
Opensso by Oracle
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.
Likely Case
Denial of service through application crashes, potentially disrupting browser sessions or TLS-dependent services.
If Mitigated
With proper network segmentation and updated software, impact is limited to isolated application crashes without system compromise.
🎯 Exploit Status
Exploitation requires crafting malicious ASN.1 data, but buffer overflow primitives are well-understood. No public exploit code is referenced in the provided advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NSS 3.19.2.1, NSS 3.20.1, Firefox 42.0, Firefox ESR 38.4
Vendor Advisory: https://www.mozilla.org/security/advisories/
Restart Required: Yes
Instructions:
1. Update Firefox to version 42.0 or later.
2. Update Firefox ESR to version 38.4 or later.
3. Update NSS library to version 3.19.2.1 or 3.20.1.
4. Restart affected applications.
🔧 Temporary Workarounds
Network filtering
Block or filter malicious ASN.1 data at network boundaries using IPS/IDS or web application firewalls.
Application isolation
Run vulnerable applications in sandboxed environments to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable systems from untrusted networks.
- Deploy application control policies to prevent execution of unknown code if RCE occurs.
🔍 How to Verify
Check if Vulnerable:
Check Firefox version via 'Help → About Firefox' or command 'firefox --version'. Check NSS version via 'strings /path/to/libnss3.so | grep Version' on Linux.
Check Version:
firefox --version (Firefox), rpm -q nss (RPM systems), dpkg -l libnss3 (Debian systems)
Verify Fix Applied:
Confirm version numbers match or exceed patched versions: Firefox ≥42.0, Firefox ESR ≥38.4, NSS ≥3.19.2.1 or ≥3.20.1.
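The fixed releases sit on separate branches, so a single "greater than or equal" test misclassifies NSS 3.20 and Firefox 39 through 41. The following added example (not part of the original advisory; function names are illustrative) compares upstream version strings per branch, and treats 3.19.3 and later 3.19.x as needing manual review, which is an assumption based on the 3.19.4 release notes in the references. Distribution packages may carry backported fixes under older upstream numbers, so for `rpm -q nss` or `dpkg -l libnss3` output the vendor errata in the references are authoritative.

```sh
# Added example: branch-aware comparison against the fixed releases listed above.
# Function names are illustrative; the sample versions at the end are constructed.

# ver_ge A B: succeed when dotted version A >= B, compared field by field.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Accept only digits separated by single dots (no package suffixes).
is_version() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
}

# nss_status VERSION: prints fixed, vulnerable, review or unknown.
nss_status() {
    is_version "$1" || { echo unknown; return; }
    if ver_ge "$1" 3.20; then
        # 3.20 compares greater than 3.19.2.1 but predates the 3.20.1 fix.
        if ver_ge "$1" 3.20.1; then echo fixed; else echo vulnerable; fi
    elif ver_ge "$1" 3.19.3; then
        # Assumption: later 3.19.x releases form their own patch line (the
        # references list 3.19.4 release notes), so flag them for manual review.
        echo review
    elif ver_ge "$1" 3.19.2.1; then echo fixed
    else echo vulnerable
    fi
}

# firefox_status VERSION: ESR 38.x is fixed from 38.4, mainline from 42.0;
# 39 through 41 compare greater than 38.4 but are not fixed.
firefox_status() {
    is_version "$1" || { echo unknown; return; }
    if ver_ge "$1" 42.0; then echo fixed
    elif ver_ge "$1" 38.4 && ! ver_ge "$1" 39; then echo fixed
    else echo vulnerable
    fi
}

for v in 3.19.2 3.19.2.1 3.20 3.20.1; do
    printf 'NSS %-9s %s\n' "$v" "$(nss_status "$v")"
done
```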
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Firefox/NSS-related processes
- Unexpected termination of TLS/SSL services
Network Indicators:
- Malformed ASN.1 data in network traffic
- Unexpected connections following ASN.1 parsing
SIEM Query:
source="firefox.log" AND (event="crash" OR event="segfault")
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
- http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html
- http://rhn.redhat.com/errata/RHSA-2015-1980.html
- http://rhn.redhat.com/errata/RHSA-2015-1981.html
- http://www.debian.org/security/2015/dsa-3393
- http://www.debian.org/security/2015/dsa-3410
- http://www.debian.org/security/2016/dsa-3688
- http://www.mozilla.org/security/announce/2015/mfsa2015-133.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/77416
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034069
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753
- http://www.ubuntu.com/usn/USN-2785-1
- http://www.ubuntu.com/usn/USN-2791-1
- http://www.ubuntu.com/usn/USN-2819-1
- https://bto.bluecoat.com/security-advisory/sa119
- https://bugzilla.mozilla.org/show_bug.cgi?id=1202868
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
- https://security.gentoo.org/glsa/201512-10
- https://security.gentoo.org/glsa/201605-06