NSS -- multiple vulnerabilities

2017-03-17T00:00:00
ID 4CB165F0-6E48-423E-8147-92255D35C0F7
Type freebsd
Reporter FreeBSD
Modified 2017-03-17T00:00:00

Description

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.