Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-7805)

Summary IBM MQ Appliance has addressed a vulnerability in Network Security Services NSS. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Network Security Services could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating...

Design/Logic Flaw

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

CVE-2017-7805

CVE-2017-7805 is a use-after-free vulnerability in the NSS TLS 1.2 implementation where handshake hashes can reference a freed buffer, potentially crashing the application and enabling arbitrary code execution. Public sources consistently tie the issue to NSS and Firefox/Thunderbird components, n...

FreeBSD : nss -- Use-after-free in TLS 1.2 generating handshake hashes (e71fd9d3-af47-11e7-a633-009c02a2ab30)

Mozilla reports : During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This...

USN-3435-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs,...

UBUNTU-CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

Security vulnerabilities fixed in Firefox 56 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...

Security vulnerabilities fixed in Firefox ESR 52.4 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications ARIA elements...

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav...