8 matches found
nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause th...
Moderate: Red Hat Security Advisory: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
CentOS Update for nss-util CESA-2016:0591 centos6
Check the version of nss-util. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882447");...
Mozilla Network Security Services Memory Misreference Vulnerability
Firefox is an open source web browser. A memory misreference vulnerability in the handling of DER-encoded keys by Mozilla Network Security Services allows remote attackers to construct a malicious web page and trick a user into parsing it, which can crash th...
Updated firefox packages fix security vulnerabilities
Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...
FreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)
Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially crafted certificate which, when parsed by NSS, would cause it to cras...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...
Use-after-free during processing of DER encoded keys in NSS — Mozilla
Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed ...