Lucene search
+L

425 matches found

OSV
OSV
added 2015/11/04 12:0 a.m.4 views

UBUNTU-CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service application crash or possibly...

9.8CVSS7.9AI score0.10238EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2015/08/24 3:38 p.m.3 views

NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)

A flaw was found in the way NSS verified certain ECDSA Elliptic Curve Digital Signature Algorithm signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks...

4.3CVSS6.8AI score0.03594EPSS
Exploits0References5
OSV
OSV
added 2014/12/15 12:0 a.m.3 views

UBUNTU-CVE-2014-1569

The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...

7.5CVSS7.3AI score0.03182EPSS
Exploits4References7
OSV
OSV
added 2014/01/18 10:55 p.m.1 views

DEBIAN-CVE-2013-1740

The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic...

5.8CVSS6.6AI score0.01929EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/12/05 4:11 p.m.7 views

nss: Integer truncation in certificate parsing (MFSA 2013-103)

Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...

7.5CVSS6.6AI score0.03893EPSS
Exploits0References5
n0where
n0where
added 2013/09/03 11:34 p.m.210 views

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/07/17 12:0 a.m.30 views

Mozilla Firefox ESR Multiple Vulnerabilities - August12 (Windows)

This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvulnaug12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities - August12 Windows Authors: Arun Kallavi Copyright:...

9.3CVSS0.7AI score0.0235EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/04/02 7:37 p.m.2 views

Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)

Integer signedness error in the pixmanfillsse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows...

6.8CVSS7.8AI score0.03941EPSS
Exploits0References5
securityvulns
securityvulns
added 2013/03/24 12:0 a.m.48 views

Mozilla NSS library TLS timing attacks

"Lucky Thirteen" attacks are possible...

4.3CVSS2.5AI score0.03723EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/10/11 12:0 a.m.51 views

Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121009)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3CVSS8.6AI score0.42609EPSS
Exploits5References21
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.18 views

CentOS Update for firefox CESA-2012:0387 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

9.3CVSS8.5AI score0.0663EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2012/07/17 7:21 p.m.8 views

Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service memory...

10CVSS7.8AI score0.05593EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2012/06/16 9:55 p.m.4 views

CVE-2011-5094

Mozilla Network Security Services NSS 3.x, with certain settings of the SSLENABLERENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by...

5CVSS5.6AI score0.66422EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2012/06/05 8:56 p.m.6 views

Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)

Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products...

10CVSS7.3AI score0.01829EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/03/01 11:40 p.m.50 views

Critical: Red Hat Security Advisory: pango security update

Updated pango packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.8CVSS6.3AI score0.03333EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/01/31 12:0 a.m.240 views

CentOS Update for firefox CESA-2010:0966 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

9.3CVSS8.5AI score0.08669EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2010/02/17 9:12 p.m.6 views

firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...

5CVSS7.4AI score0.01689EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/11/11 12:0 a.m.33 views

RedHat Security Advisory RHSA-2009:1530

The remote host is missing updates announced in advisory RHSA-2009:1530. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime NSPR. A flaw was found in the way Firefox handles form history. A...

10CVSS7.8AI score0.28167EPSS
Exploits53References3
RedHat Linux
RedHat Linux
added 2009/10/27 10:43 p.m.45 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...

10CVSS6.8AI score0.28167EPSS
Exploits55References12
RedHat Linux
RedHat Linux
added 2009/08/12 2:31 p.m.6 views

firefox/nss: doesn't handle NULL in Common Name properly

Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...

6.8CVSS7AI score0.05741EPSS
Exploits4References4
Rows per page
Query Builder