Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Conclusion & alert: CVE-2015-7575 is rated Moderate Risk (55.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.90%). Core evidence: EPSS rose +1.83% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 1.07% | 2.90% | +1.83% |
| 2 | 2026-05-24 | 1.51% | 1.07% | -0.44% |
| 3 | 2026-03-30 | — | 1.51% | — |
Full EPSS history (16 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.9 | 3.0 | MEDIUM | | 2.2 | 3.6 | [email protected] |
| 4.3 | 2.0 | MEDIUM | | 8.6 | 2.9 | [email protected] |

| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2015-7575 not yet assigned priority: Debian including 4 source packages (gnutls28, nss, openjdk-8, openssl), 16 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 16. | https://security-tracker.debian.org/tracker/CVE-2015-7575 |
| gentoo | normal | CVE-2015-7575: 4 GLSA(s) (201605-06, 201701-46, 201706-18, 201801-15), 8 atom(s) (dev-libs/nspr, dev-libs/nss, …); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-7575 |
| redhat | medium | — | https://access.redhat.com/security/cve/CVE-2015-7575 |
| suse | medium | CVE-2015-7575 severity moderate: SUSE including 874 source package names (MozillaFirefox-102.11.0-150200.152.87.1, MozillaFirefox-115.10.0-150200.152.134.1, …), 1267 product×package rows across 109 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (109 product lines)): Fixed 1095, Known Affected 157, Known Not Affected 15. | https://www.suse.com/security/cve/CVE-2015-7575/ |
| ubuntu | medium | CVE-2015-7575 medium priority: Ubuntu including 12 source packages (firefox, gnutls26, …), 143 status rows across 12 suites (artful, bionic, cosmic, disco, precise, trusty, upstream, vivid, wily, xenial, yakkety, zesty): DNE 46, released 46, not-affected 41, ignored 6, needs-triage 4. | https://ubuntu.com/security/CVE-2015-7575 |

| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| mozilla | network_security_services | <= 3.20.1 | cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:* |
| opensuse | leap | 42.1 | cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| mozilla | firefox | 38.0 | cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.0.1 | cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 38.0.5 | cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:* |
| mozilla | firefox | 38.1.0 | cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.1.1 | cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:* |
| mozilla | firefox | 38.2.0 | cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.2.1 | cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:* |
| mozilla | firefox | 38.3.0 | cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.4.0 | cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.5.0 | cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:* |
| mozilla | firefox | 38.5.1 | cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 15.04 | cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 15.10 | cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* |
| mozilla | firefox | <= 43.0.1 | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |