CVE-2015-7183

Publication date 4 November 2015

Last updated 24 July 2024


Ubuntu priority

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Status

| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | 17.04 zesty | Fixed 42.0+build2-0ubuntu1 |
| firefox | 16.10 yakkety | Fixed 42.0+build2-0ubuntu1 |
| firefox | 16.04 LTS xenial | Fixed 42.0+build2-0ubuntu1 |
| firefox | 15.10 wily | Fixed 42.0+build2-0ubuntu0.15.10.1 |
| firefox | 15.04 vivid | Fixed 42.0+build2-0ubuntu0.15.04.1 |
| firefox | 14.04 LTS trusty | Fixed 42.0+build2-0ubuntu0.14.04.1 |
| firefox | 12.04 LTS precise | Fixed 42.0+build2-0ubuntu0.12.04.1 |
| nspr | 17.04 zesty | Not affected |
| nspr | 16.10 yakkety | Not affected |
| nspr | 16.04 LTS xenial | Not affected |
| nspr | 15.10 wily | Fixed 2:4.10.10-0ubuntu0.15.10.1 |
| nspr | 15.04 vivid | Fixed 2:4.10.10-0ubuntu0.15.04.1 |
| nspr | 14.04 LTS trusty | Fixed 2:4.10.10-0ubuntu0.14.04.1 |
| nspr | 12.04 LTS precise | Fixed 4.10.10-0ubuntu0.12.04.1 |
| thunderbird | 17.04 zesty | Fixed 1:38.4.0+build3-0ubuntu1 |
| thunderbird | 16.10 yakkety | Fixed 1:38.4.0+build3-0ubuntu1 |
| thunderbird | 16.04 LTS xenial | Fixed 1:38.4.0+build3-0ubuntu1 |
| thunderbird | 15.10 wily | Fixed 1:38.4.0+build3-0ubuntu0.15.10.1 |
| thunderbird | 15.04 vivid | Fixed 1:38.4.0+build3-0ubuntu0.15.04.1 |
| thunderbird | 14.04 LTS trusty | Fixed 1:38.4.0+build3-0ubuntu0.14.04.1 |
| thunderbird | 12.04 LTS precise | Fixed 1:38.4.0+build3-0ubuntu0.12.04.1 |
| virtualbox | 17.04 zesty | Not affected |
| virtualbox | 16.10 yakkety | Not affected |
| virtualbox | 16.04 LTS xenial | Not affected |
| virtualbox | 15.10 wily | Fixed 5.0.14-dfsg-0ubuntu1.15.10.1 |
| virtualbox | 15.04 vivid | Fixed 4.3.36-dfsg-1+deb8u1ubuntu1.15.04.1 |
| virtualbox | 14.04 LTS trusty | Fixed 4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1 |
| virtualbox | 12.04 LTS precise | Ignored (end of life) |

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
nspr

References

Related Ubuntu Security Notices (USN)

    • USN-2785-1: Firefox vulnerabilities (4 November 2015)
    • USN-2819-1: Thunderbird vulnerabilities (1 December 2015)

Other references