12 matches found
Mozilla Firefox Security Advisory (MFSA2013-40) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Debian DLA-2015-1 : nss security update
Handling of Netscape Certificate Sequences in CERTDecodeCertPackage may haved crash with a NULL deref leading to a denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:3.26-1+debu8u8. We recommend that you upgrade your nss packages. NOTE: Tenable Network Security has...
RHEL 7 : nss, nss-softokn, nss-util, and nspr (RHSA-2019:2237)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2237 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash Vulnerability
NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERTDecodeCertPackage. nss: CERTDecodeCertPackage crash with Netscape Certificate Sequences I noticed that the main entrypoint for decoding DER blobs in NSS, CERTDecodeCertPackage, actually handles multiple...
NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash
nss: CERTDecodeCertPackage crash with Netscape Certificate Sequences I noticed that the main entrypoint for decoding DER blobs in NSS, CERTDecodeCertPackage, actually handles multiple formats including PEM, PKCS7, and old Netscape Certificate Sequences. You can generate a Netscape Certificate...
USN-1791-1: Thunderbird vulnerabilities
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a...
Mozilla Thunderbird ESR Multiple Vulnerabilities -01 Apr13 (Mac OS X)
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01apr13macosx.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities -01 Apr13 Mac OS X Authors: Thanga...
Mozilla Firefox ESR Multiple Vulnerabilities -01 Apr13 (Mac OS X)
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvuln01apr13macosx.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities -01 Apr13 Mac OS X Authors: Thanga Prakash S...
Mozilla Thunderbird Multiple Vulnerabilities -01 Apr13 (Windows)
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvuln01apr13win.nasl 6086 2017-05-09 09:03:30Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities -01 Apr13 Windows Authors: Thanga Prakash S...
Mozilla Thunderbird ESR Multiple Vulnerabilities -01 (Apr 2013) - Windows
Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird ESR 17.x is prior to 17.0.5 and is, therefore, potentially affected the following vulnerabilities : - Various memory safety issues exist. CVE-2013-0788 - An out-of-bounds memory read error exists related to 'CERTDecodeCertPackage' and certificate decoding...
Out-of-bounds array read in CERT_DecodeCertPackage — Mozilla
Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERTDecodeCertPackage function of the Network Security Services NSS library when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash...