SUSE CVE-2013-1620

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

Mozilla Network Security Service Information Disclosure Vulnerability

Mozilla Network Security Services NSS is the United States Mozilla Foundation developed a library network security services library, it can provide cross-platform support for SSL, S/MIME and other Internet security standards. An information disclosure vulnerability exists in Mozilla NSS versions...

DEBIAN-CVE-2013-1740

The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic...

nss: Integer truncation in certificate parsing (MFSA 2013-103)

Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...

CVE-2011-5094

Mozilla Network Security Services NSS 3.x, with certain settings of the SSLENABLERENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by...

firefox/nss: doesn't handle NULL in Common Name properly

Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...