425 matches found
UBUNTU-CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service application crash or possibly...
NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
A flaw was found in the way NSS verified certain ECDSA Elliptic Curve Digital Signature Algorithm signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks...
UBUNTU-CVE-2014-1569
The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...
DEBIAN-CVE-2013-1740
The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic...
nss: Integer truncation in certificate parsing (MFSA 2013-103)
Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...
Penetration Testing Browser Bundle: PenQ
PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...
Mozilla Firefox ESR Multiple Vulnerabilities - August12 (Windows)
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvulnaug12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities - August12 Windows Authors: Arun Kallavi Copyright:...
Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)
Integer signedness error in the pixmanfillsse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows...
Mozilla NSS library TLS timing attacks
"Lucky Thirteen" attacks are possible...
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121009)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
CentOS Update for firefox CESA-2012:0387 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service memory...
CVE-2011-5094
Mozilla Network Security Services NSS 3.x, with certain settings of the SSLENABLERENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by...
Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products...
Critical: Red Hat Security Advisory: pango security update
Updated pango packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CentOS Update for firefox CESA-2010:0966 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...
RedHat Security Advisory RHSA-2009:1530
The remote host is missing updates announced in advisory RHSA-2009:1530. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime NSPR. A flaw was found in the way Firefox handles form history. A...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...
firefox/nss: doesn't handle NULL in Common Name properly
Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...