[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-2656-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":98,"duplicates":99,"related":100,"reserved_at":9,"published_at":122,"modified_at":123,"state":9,"summary":124,"references_raw":126,"kevs":218,"epss":9,"epss_history":219,"metrics":220,"affected":221},"USN-2656-1","firefox vulnerabilities\n\nKarthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able to\nperform a machine-in-the-middle attack, this flaw could be exploited to skip\nthe ServerKeyExchange message and remove the forward-secrecy property.\n(CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in\nsome circumstances. If a user were tricked into opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2722,\nCVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence\nCole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru\nFujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory\nsafety issues in Firefox. If a user were tricked into opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2724,\nCVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse\nand key combinations could allow a Chrome privileged URL to be opened\nwithout context restrictions being preserved. 
If a user were tricked into\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If\na user were tricked into opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\nuser were tricked into opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptic Curve\nCryptography (ECC) multiplication. A remote attacker could possibly use\nthis issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to\nremove a DOM object. If a user were tricked into opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\nCVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an\noverridable certificate error occurs. This allows a user to manually\noverride an error for a fake certificate, but cannot be exploited on its\nown. 
(CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly\nexecuted with a high privilege. If a user were tricked into opening a\nspecially crafted website, an attacker could potentially exploit this in\ncombination with another security vulnerability, to execute arbitrary code\nin a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM\ncould force a server to downgrade TLS connections to 512-bit export-grade\ncryptography. An attacker could potentially exploit this to impersonate\nthe server. (CVE-2015-4000)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":15},"CVE-2015-2721",{"_key":17},"CVE-2015-2722",{"_key":19},"CVE-2015-2724",{"_key":21},"CVE-2015-2725",{"_key":23},"CVE-2015-2726",{"_key":25},"CVE-2015-2727",{"_key":27},"CVE-2015-2728",{"_key":29},"CVE-2015-2729",{"_key":31},"CVE-2015-2730",{"_key":33},"CVE-2015-2731",{"_key":35},"CVE-2015-2733",{"_key":37},"CVE-2015-2734",{"_key":39},"CVE-2015-2735",{"_key":41},"CVE-2015-2736",{"_key":43},"CVE-2015-2737",{"_key":45},"CVE-2015-2738",{"_key":47},"CVE-2015-2739",{"_key":49},"CVE-2015-2740",{"_key":51},"CVE-2015-2741",{"_key":53},"CVE-2015-2743",{"_key":55},"CVE-2015-4000",{"_key":57},"UBUNTU-CVE-2015-2721",{"_key":59},"UBUNTU-CVE-2015-2722",{"_key":61},"UBUNTU-CVE-2015-2724",{"_key":63},"UBUNTU-CVE-2015-2725",{"_key":65},"UBUNTU-CVE-2015-2726",{"_key":67},"UBUNTU-CVE-2015-2727",{"_key":69},"UBUNTU-CVE-2015-2728",{"_key":71},"UBUNTU-CVE-2015-2729",{"_key":73},"UBUNTU-CVE-2015-2730",{"_key":75},"UBUNTU-CVE-2015-2731",{"_key":77},"UBUNTU-CVE-2015-2733",{"_key":79},"UBUNTU-CVE-2015-2734",{"_key":81},"UBUNTU-CVE-2015-2735",{"_key":83},"UBUNTU-CVE-2015-2736",{"_key":85},"UBUNTU-CVE-2015-2737",{"_key":87},"UBUNTU-CVE-2015-2738",{"_key":89},"UBUNTU-CVE-2015-2739",{"_key":91},"UBUNTU-CVE-2015-2740",{"_key":93},"UBUNTU-CVE-2015-2741",
{"_key":95},"UBUNTU-CVE-2015-2743",{"_key":97},"UBUNTU-CVE-2015-4000",[],[],[101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121],{"_key":97},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},"2015-07-09T20:16:09Z","2026-05-29T18:00:25.315366086Z",{"cisa_kev":125,"cisa_ransomware":125,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[127,133,138,142,146,150,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214],{"url":128,"sources":129,"tags":131},"https://ubuntu.com/security/notices/USN-2656-1",[130],"osv_ubuntu",[132],"Advisory",{"url":134,"sources":135,"tags":136},"https://ubuntu.com/security/CVE-2015-2721",[130],[137],"REPORT",{"url":139,"sources":140,"tags":141},"https://ubuntu.com/security/CVE-2015-2722",[130],[137],{"url":143,"sources":144,"tags":145},"https://ubuntu.com/security/CVE-2015-2724",[130],[137],{"url":147,"sources":148,"tags":149},"https://ubuntu.com/security/CVE-2015-2725",[130],[137],{"url":151,"sources":152,"tags":153},"https://ubuntu.com/security/CVE-2015-2726",[130],[137],{"url":155,"sources":156,"tags":157},"https://ubuntu.com/security/CVE-2015-2727",[130],[137],{"url":159,"sources":160,"tags":161},"https://ubuntu.com/security/CVE-2015-2728",[130],[137],{"url":163,"sources":164,"tags":165},"https://ubuntu.com/security/CVE-2015-2729",[130],[137],{"url":167,"sources":168,"tags":169},"https://ubuntu.com/security/CVE-2015-2730",[130],[137],{"url":171,"sources":172,"tags":173},"https://ubuntu.com/security/CVE-2015-2731",[130],[137],{"url":175,"sources":176,"tags":177},"https://ubuntu.com/security/CVE-2015-2733",[130],[137],{"url":179,"sources":180,"tags":181},"https://ubuntu.com/security/CVE-2015-2734
",[130],[137],{"url":183,"sources":184,"tags":185},"https://ubuntu.com/security/CVE-2015-2735",[130],[137],{"url":187,"sources":188,"tags":189},"https://ubuntu.com/security/CVE-2015-2736",[130],[137],{"url":191,"sources":192,"tags":193},"https://ubuntu.com/security/CVE-2015-2737",[130],[137],{"url":195,"sources":196,"tags":197},"https://ubuntu.com/security/CVE-2015-2738",[130],[137],{"url":199,"sources":200,"tags":201},"https://ubuntu.com/security/CVE-2015-2739",[130],[137],{"url":203,"sources":204,"tags":205},"https://ubuntu.com/security/CVE-2015-2740",[130],[137],{"url":207,"sources":208,"tags":209},"https://ubuntu.com/security/CVE-2015-2741",[130],[137],{"url":211,"sources":212,"tags":213},"https://ubuntu.com/security/CVE-2015-2743",[130],[137],{"url":215,"sources":216,"tags":217},"https://ubuntu.com/security/CVE-2015-4000",[130],[137],[],[],[],[222],{"ecosystem":223,"name":224,"vendor":225,"product":224,"cpe_part":9,"purl_type":226,"purl_namespace":225,"purl_name":224,"source":9,"versions":227},"Ubuntu","firefox","ubuntu","deb",[228],{"version":229,"is_range":230,"range_type":231,"version_start":9,"version_start_type":9,"version_end":232,"version_end_type":233,"fixed_in":9},"lt39_0+build5_0ubuntu0_14_04_1",true,"ecosystem","39.0+build5-0ubuntu0.14.04.1","excluding"]