CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2014/09/26 12:0 a.m.•36 views

Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability

The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

7.5CVSS6.9AI score0.336EPSS

Mandriva Linux Security Advisory : nss (MDVSA-2014:189)

A vulnerability has been discovered and corrected in Mozilla NSS : Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature...

Tenable Nessus•added 2014/09/26 12:0 a.m.•38 views

Debian DSA-3034-1 : iceweasel - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package, was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RS...

7.5CVSS7AI score0.336EPSS

Exploits0References3

Firefox < 32.0.3 NSS Signature Verification Vulnerability

The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificate...

7.5CVSS7AI score0.336EPSS

Debian DSA-3033-1 : nss - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS the Mozilla Network Security Service library was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification...

Exploits0References3

Tenable Nessus•added 2014/09/26 12:0 a.m.•34 views

FreeBSD : NSS -- RSA Signature Forgery (48108fb0-751c-4cbb-8f33-09239ead4b55)

The Mozilla Project reports : Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificate...

7.5CVSS7AI score0.336EPSS

Exploits0References3

Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability

Tenable Nessus•added 2014/09/26 12:0 a.m.•23 views

Mozilla Thunderbird < 31.1.2 NSS Signature Verification Vulnerability (Mac OS X)

The version of Thunderbird installed on the remote host is prior to 31.1.2. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

OSV•added 2014/09/26 12:0 a.m.•15 views

DSA-3037-1 icedove - security update

Bulletin has no description...

7.5CVSS5.4AI score0.336EPSS

Tenable Nessus•added 2014/09/26 12:0 a.m.•26 views

Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)

Debian•added 2014/09/25 2:59 p.m.•30 views

[SECURITY] [DLA 62-1] nss security update

Package : nss Version : 3.12.8-1+squeeze9 CVE ID : CVE-2014-1568 Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS the Mozilla Network Security Service library was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craf...

7.5CVSS6.8AI score0.336EPSS

ThreatPost•added 2014/09/25 12:41 p.m.•11 views

Mozilla Patches RSA Signature Forgery in NSS, Firefox

The Mozilla Foundation has issued a security alert informing users that they have updated a number of their products in order to fix a vulnerability that could allow an attacker to forge RSA certificate signatures and perform man-in-the-middle attacks. The vulnerability has been known for some...

1.7AI score

Exploits0References1

Debian•added 2014/09/25 6:25 a.m.•45 views

[SECURITY] [DSA 3034-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3034-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 25, 2014 http://www.debian.org/security/faq -...

7.5CVSS6AI score0.336EPSS

Debian•added 2014/09/25 12:23 a.m.•30 views

[SECURITY] [DSA 3033-1] nss security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3033-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 25, 2014 http://www.debian.org/security/faq -...

7.5CVSS6AI score0.336EPSS

Tenable Nessus•added 2014/09/25 12:0 a.m.•20 views

Google Chrome < 37.0.2062.124 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services NSS libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery...

OSV•added 2014/09/25 12:0 a.m.•15 views

DSA-3034-1 iceweasel - security update

Bulletin has no description...

7.5CVSS5.4AI score0.336EPSS

Tenable Nessus•added 2014/09/25 12:0 a.m.•28 views

Google Chrome < 37.0.2062.124 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services NSS libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery of RSA...

7.5CVSS6.8AI score0.336EPSS

Slackware Linux•added 2014/09/24 11:37 p.m.•13 views

[slackware-security] mozilla-nss

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mozilla-nss-3.16.5-i486-1slack14.1.txz: Upgraded. Fixed an RSA Signature Forgery vulnerability. For more information, see...

6.9AI score