29 matches found
EUVD-2013-1767
Malware in sbrugna...
SUSE CVE-2013-1740
The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic...
Automatic Cheating Detection in Human Racing
This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen--a wide receiver for the Philadelphia Eagles--was disqualified from the 110-meter hurdles at the World Athletics...
NSS incorrectly permits skipping of ServerKeyExchange — Mozilla
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where the client allows for a ECDHEECDSA exchange where the server does not send its ServerKeyExchange message instead of aborting the handshake. Instead, the NSS client will take the EC key from the ECDS...
CentOS Update for nss CESA-2014:1246 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916)
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. CVE-2013-1740 A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker coul...
RedHat Update for nss and nspr RHSA-2014:1246-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
nss: false start PR_Recv information disclosure security issue
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server...
Oracle Traffic Director Multiple Vulnerabilities (July 2014 CPU)
The remote host is running an unpatched version of Oracle Traffic Director that is affected by the following vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...
CentOS Update for nss CESA-2014:0917 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for nss-util CESA-2014:0917 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nspr, nss security update
CentOS Errata and Security Advisory CESA-2014:0917 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security...
Scientific Linux Security Update : nss and nspr on SL6.x i386/x86_64 (20140722)
A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. CVE-2014-1544 A flaw was found in the way TLS False Start...
nss: false start PR_Recv information disclosure security issue
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server...
Critical: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base...
Oracle iPlanet Web Proxy Server 4.0 < 4.0.24 Multiple Vulnerabilities
The remote host has a version of Oracle iPlanet Web Proxy Server formerly Sun Java System Web Proxy Server 4.0 prior to 4.0.24. It is, therefore, affected by the following vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized,...
openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)
Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following...
[USN-2088-1] NSS vulnerability
========================================================================== Ubuntu Security Notice USN-2088-1 January 23, 2014 nss vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Mozilla NSS SSL connection spoofing
Invalid TLS False Start feature implementation...