Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2123-1
HistoryNov 01, 2010 - 12:00 a.m.

nss - cryptographic weaknesses

2010-11-0100:00:00
Google
osv.dev
26

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several vulnerabilities have been discovered in Mozilla’s Network
Security Services (NSS) library. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2010-3170
    NSS recognizes a wildcard IP address in the subject’s Common
    Name field of an X.509 certificate, which might allow
    man-in-the-middle attackers to spoof arbitrary SSL servers via
    a crafted certificate issued by a legitimate Certification
    Authority.
  • CVE-2010-3173
    NSS does not properly set the minimum key length for
    Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
    remote attackers to defeat cryptographic protection mechanisms
    via a brute-force attack.

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny2.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.12.8-1.

We recommend that you upgrade your NSS packages.

Related

debian 3
openvas 49
ubuntu 1
nessus 48
fedora 9
cve 2
oraclelinux 3
debiancve 2
securityvulns 3
veracode 2
prion 2
mozilla 2
ubuntucve 2
redhat 3
centos 2
freebsd 1
suse 2
vmware 2
gentoo 1
debian
debian
BSA-009 Security Update for nss
2010-11-02 19:04:18
[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
2010-11-01 19:45:41
BSA-009 Security Update for nss
2010-11-02 15:06:03
openvas
openvas
Debian: Security Advisory (DSA-2123-1)
2010-11-17 00:00:00
Debian Security Advisory DSA 2123-1 (nss)
2010-11-17 00:00:00
Ubuntu: Security Advisory (USN-1007-1)
2010-10-22 00:00:00
ubuntu
ubuntu
NSS vulnerabilities
2010-10-20 00:00:00
nessus
nessus
Debian DSA-2123-1 : nss - several vulnerabilities
2010-11-03 00:00:00
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : nss vulnerabilities (USN-1007-1)
2010-10-21 00:00:00
Fedora 14 : nss-3.12.8-2.fc14 / nss-softokn-3.12.8-1.fc14 / nss-util-3.12.8-1.fc14 (2010-15897)
2010-10-29 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: nss-3.12.8-2.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 14 Update: nss-softokn-3.12.8-1.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 13 Update: nss-3.12.8-2.fc13
2010-10-27 22:30:59
cve
cve
CVE-2010-3173
2010-10-21 19:00:00
CVE-2010-3170
2010-10-21 19:00:00
oraclelinux
oraclelinux
nss security update
2011-02-11 00:00:00
seamonkey security update
2010-10-20 00:00:00
firefox security update
2010-10-20 00:00:00
debiancve
debiancve
CVE-2010-3170
2010-10-21 19:00:00
CVE-2010-3173
2010-10-21 19:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-70
2010-10-23 00:00:00
Mozilla Foundation Security Advisory 2010-72
2010-10-23 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities
2010-10-23 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:53:00
Insecure TLS Configuration
2020-04-10 00:53:00
prion
prion
Design/Logic Flaw
2010-10-21 19:00:00
Design/Logic Flaw
2010-10-21 19:00:00
mozilla
mozilla
SSL wildcard certificate matching IP addresses — Mozilla
2010-10-19 00:00:00
Insecure Diffie-Hellman key exchange — Mozilla
2010-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-3170
2010-10-20 00:00:00
CVE-2010-3173
2010-10-20 00:00:00
redhat
redhat
(RHSA-2010:0862) Low: nss security update
2010-11-10 00:00:00
(RHSA-2010:0781) Critical: seamonkey security update
2010-10-19 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
centos
centos
seamonkey security update
2010-10-25 12:12:58
firefox, nss, xulrunner security update
2010-10-20 14:29:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-2123-1
debian3openvas49ubuntu1nessus48fedora9cve2oraclelinux3debiancve2securityvulns3veracode2prion2mozilla2ubuntucve2redhat3centos2freebsd1suse2vmware2gentoo1