Search for vulnerabilities
Vulnerability details: VCID-wh2u-5ttv-tbez
Vulnerability ID VCID-wh2u-5ttv-tbez
Aliases CVE-2015-7183
Summary Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-190 Integer Overflow or Wraparound
CWE-122 Heap-based Buffer Overflow
System Score Found at
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
epss 0.18188 https://api.first.org/data/v1/epss?cve=CVE-2015-7183
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2015-133
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json
https://api.first.org/data/v1/epss?cve=CVE-2015-7183
1269353 https://bugzilla.redhat.com/show_bug.cgi?id=1269353
CVE-2015-7183 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
mfsa2015-133 https://www.mozilla.org/en-US/security/advisories/mfsa2015-133
RHSA-2015:1980 https://access.redhat.com/errata/RHSA-2015:1980
RHSA-2015:1981 https://access.redhat.com/errata/RHSA-2015:1981
RHSA-2015:2068 https://access.redhat.com/errata/RHSA-2015:2068
USN-2785-1 https://usn.ubuntu.com/2785-1/
USN-2790-1 https://usn.ubuntu.com/2790-1/
USN-2819-1 https://usn.ubuntu.com/2819-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.9492
EPSS Score 0.18188
Published At Aug. 6, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:51.020288+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-133.md 37.0.0