CVE-2015-7183
nspr - security update
EPSS 4.7%
Description
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
How to fix CVE-2015-7183
To remediate CVE-2015-7183, upgrade the affected package to one of the fixed versions listed below.
- Debian/nspr—upgrade to 2:4.10.10-1 or later
- —upgrade to 4.8.6-1+squeeze3 or later
- —upgrade to 2:4.9.2-1+deb7u3 or later
Is CVE-2015-7183 being exploited?
Low — EPSS is 4.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2:4.10.10-1
- from 0, < 4.8.6-1+squeeze3
- from 0, < 2:4.9.2-1+deb7u3