8 matches found
SUSE CVE-2013-1620
The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
Mozilla Network Security Service Information Disclosure Vulnerability
Mozilla Network Security Services NSS is the United States Mozilla Foundation developed a library network security services library, it can provide cross-platform support for SSL, S/MIME and other Internet security standards. An information disclosure vulnerability exists in Mozilla NSS versions...
UBUNTU-CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service application crash or possibly...
DEBIAN-CVE-2013-1740
The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic...
nss: Integer truncation in certificate parsing (MFSA 2013-103)
Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...
CVE-2011-5094
Mozilla Network Security Services NSS 3.x, with certain settings of the SSLENABLERENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by...
firefox/nss: doesn't handle NULL in Common Name properly
Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...