Updated nspr, nss and firefox(-l10n) packages fix security issues

The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...

Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2026-1703)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1703 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other...

MiracleLinux 8 : nspr-4.32.0-1.el8, nss-3.67.0-6.el8 (AXSA:2021-2445:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2445:02 advisory. nss: TLS 1.3 CCS flood remote DoS Attack CVE-2020-25648 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

Debian Security Advisory DSA 3687-1 (nspr - security update)

Two vulnerabilities were reported in NSPR, a library to abstract over operating system interfaces developed by the Mozilla project. CVE-2016-1951 q1 reported that the NSPR implementation of sprintf-style string formatting function miscomputed memory allocation sizes, potentially leading to...

nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)

A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library...

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20151104)

A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

Critical: Red Hat Security Advisory: nss, nss-util, and nspr security update

Updated nss, nss-util, and nspr packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)

A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library...

SUSE-SU-2015:1680-1 Security update for MozillaFirefox, mozilla-nspr

Mozilla Firefox was updated to version 38.3.0 ESR bsc947003, fixing bugs and security issues. MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards rv:41.0 / rv:38.3 MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA...

DSA-2820-1 nspr - integer overflow

Bulletin has no description...

PT-2013-5677 · Mozilla +4 · Firefox +6

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 25.0.1 Mozilla Firefox ESR 17.x versions prior to 17.0.11 Mozilla Firefox ESR 24.x versions prior to 24.1.1 SeaMonkey versions prior to 2.22.1 NSPR versions prior to 4.10.2 Description: The issue is related t...

CentOS 5 : nss (CESA-2013:1135)

Updated nss and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

USN-1687-2: NSPR update

USN-1687-1 fixed a vulnerability NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw...

SuSE 10 Security Update : Mozilla (ZYPP Patch Number 7196)

The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue : - Disallow wildcard matching in X509 certificate Common Names. CVE-2010-3170 This update also has preparations for Firefox 4 support, and a updated...

[Full-disclosure] iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability

Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability iDefense Security Advisory 10.11.06 http://www.idefense.com/intelligence/vulnerabilities/ Oct 11, 2006 I. BACKGROUND The Netscape Portable Runtime NSPR API allows compliant applications to use system facilities such as...

Sun Solaris NSPR library privilege escalation

Environment variable is used for log filename...

PT-2006-7535 · Gentoo +3 · Gentoo Linux +7

Name of the Vulnerable Software and Affected Versions: libnspr4 versions affected versions not specified libnss3 versions affected versions not specified nss versions prior to 3.11.3 libnspr-dev versions affected versions not specified libnss-dev versions affected versions not specified...