openSUSE: Security Advisory for mozilla-nss (openSUSE-SU-2014:1232-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox ESR RSA Spoof Vulnerability (Sep 2014) - Mac OS X

Mozilla Firefox ESR is prone to spoof vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777)

Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant ...

Updated nss packages fix CVE-2014-1568

Updated nss packages fix security vulnerability: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack...

Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)

The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability

The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

Ubuntu 14.04 LTS : NSS vulnerability (USN-2361-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2361-1 advisory. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Tenab...

Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2360-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2360-2 advisory. USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Tenable has extracted the preceding description block...

NSS: Signature forgery attack

Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...

NSS -- RSA Signature Forgery

The Mozilla Project reports: Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...