CVE-2015-7183

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Published: 2015-11-05 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2015-7183 is rated Moderate Risk (64.8/100): CVSS High severity, with high exploitation likelihood (EPSS 6.85%, 93rd percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.15% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood: assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2015-7183

EPSS lead: The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

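| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|------|----------------|----------------|-------------------|
| 1 | 2026-06-15 | 4.70% | 6.85% | +2.15% |
| 2 | 2026-03-03 | 5.02% | 4.70% | -0.32% |
| 3 | 2026-02-21 | | 5.02% | |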

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2015-7183

CVSS metrics for this CVE.

| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|------------|---------|----------|--------|----------------|--------|--------------|
| 7.5 | 2.0 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | [email protected] |

Vector breakdown:

- Access vector (AV:N): Can be exploited remotely over network reachability.
- Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
- Authentication (Au:N): No authentication is required.
- Confidentiality impact (C:P): Partial confidentiality impact.
- Integrity impact (I:P): Partial integrity impact.
- Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2015-7183

OS Trackers for CVE-2015-7183

| Vendor | Priority | Summary | Link |
|--------|----------|---------|------|
| debian | not yet assigned | CVE-2015-7183 not yet assigned priority: Debian including 2 source packages (nspr, virtualbox), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2015-7183 |
| gentoo | normal | CVE-2015-7183: 2 GLSA(s) (201512-10, 201605-06), 6 atom(s) (dev-libs/nspr, dev-libs/nss, mail-client/thunderbird, mail-client/thunderbird-bin, www-client/firefox, www-client/firefox-bin); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-7183 |
| redhat | critical | | https://access.redhat.com/security/cve/CVE-2015-7183 |
| suse | high | CVE-2015-7183 severity important: SUSE including 444 source package names (MozillaFirefox, MozillaFirefox-102.11.0-150200.152.87.1, …), 728 product×package rows across 99 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (99 product lines)): Fixed 448, Known Affected 231, Known Not Affected 49. | https://www.suse.com/security/cve/CVE-2015-7183/ |
| ubuntu | medium | CVE-2015-7183 medium priority: Ubuntu including 4 source packages (firefox, nspr, thunderbird, virtualbox), 32 status rows across 8 suites (precise, trusty, upstream, vivid, wily, xenial, yakkety, zesty): released 25, not-affected 6, ignored 1. | https://ubuntu.com/security/CVE-2015-7183 |

Affected software / configurations for CVE-2015-7183

| Vendor | Product | Version | Raw CPE |
|--------|---------|---------|---------|
| mozilla | firefox | <= 41.0.2 | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | network_security_services | <= 3.19.2.0 | cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:* |
| mozilla | network_security_services | 3.20.0 | cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.0 | cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.0.1 | cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 38.0.5 | cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:* |
| mozilla | firefox | 38.1.0 | cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.1.1 | cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:* |
| mozilla | firefox | 38.2.0 | cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.2.1 | cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:* |
| mozilla | firefox | 38.3.0 | cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:* |

References for CVE-2015-7183

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html
http://rhn.redhat.com/errata/RHSA-2015-1980.html
http://rhn.redhat.com/errata/RHSA-2015-1981.html
http://www.debian.org/security/2015/dsa-3393
http://www.debian.org/security/2015/dsa-3406
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/77415
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034069
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753
http://www.ubuntu.com/usn/USN-2785-1
http://www.ubuntu.com/usn/USN-2790-1
http://www.ubuntu.com/usn/USN-2819-1
https://bto.bluecoat.com/security-advisory/sa119
https://bugzilla.mozilla.org/show_bug.cgi?id=1205157
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes Vendor Advisory
https://security.gentoo.org/glsa/201512-10
https://security.gentoo.org/glsa/201605-06