15 matches found
SUSE CVE-2010-3173
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat...
CVE-2017-17549
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS...
CVE-2017-17549 - Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake
Description of Problem: A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could result in the disclosure of cleartext traffic from the backend client TLS handshake. This vulnerability only affects connections...
CVE-2017-3730
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
MS15-055: Vulnerability in Schannel could allow information disclosure: May 12, 2015
Summary: This security update resolves a vulnerability in Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox was updated to version 49.0 boo999701 - New features: Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. Added features to Reader Mode that make it easier on the eyes and the ears. Improved video performance for users on systems that support SSE3 without...
Debian DSA-3324-1 : icedove - security update (Logjam)
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability...
[SECURITY] [DSA 3324-1] icedove security update
Debian Security Advisory DSA-3324-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 01, 2015 https://www.debian.org/security/faq -...
DSA-3324-1 icedove - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3324-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)
USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to...
Debian DSA-3300-1 : iceweasel - security update (Logjam)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability i...
DSA-3300-1 iceweasel - security update
Bulletin has no description...
Debian Security Advisory DSA 3300-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3300.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3300-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright (c) 2015 Greenbone Networks Gm...
NSS accepts export-length DHE keys with regular DHE cipher suites — Mozilla
Security researcher Matthew Green reported a Diffie–Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only...