50 matches found
CVE-2014-1492
The connected document confirms CVE-2014-1492 relates to Mozilla NSS: the cert_TestHostName function in NSS 3.x (lib/certdb/certdb.c) may accept a wildcard embedded in an internationalized domain name’s U-label, enabling MITM spoofing of SSL servers. The description similarly states the vulnerabi...
CVE-2014-1491
CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2019-17006
CVE-2019-17006: In Network Security Services (NSS) prior to 3.46, several cryptographic primitives lacked input length checks, enabling a heap-based buffer overflow that could crash the application or, per in-document wording, potentially allow code execution. The issue is associated with NSS us...
CVE-2017-5461
CVE-2017-5461 affects Mozilla NSS. The vulnerability is an out-of-bounds write in Base64 decoding due to insufficient memory allocation, allowing a remote attacker to crash or potentially execute arbitrary code via a crafted certificate. Affected NSS versions include 3.21.4, 3.22.x–3.28.x before ...
CVE-2018-12404
CVE-2018-12404 is a cached side‑channel/Bleichenbacher variant affecting NSS TLS PKCS#1 v1.5 padding that could allow decryption of content. The vulnerability affects NSS versions prior to 3.41 (per the connected IBM/DEBIAN/ALAS advisories) and is addressed by upgrading NSS components to a fixed ...
CVE-2014-1568
CVE-2014-1568 covers NSS (and libraries using NSS) where ASN.1 parsing of DigestInfo in X.509 certificates is faulty, enabling remote attackers to forge RSA signatures via crafted certs. Affected NSS/products include NSS itself and Mozilla stack components (Firefox, Thunderbird, SeaMonkey) and Ch...
CVE-2020-25648
CVE-2020-25648 affects the NSS library (TLS 1.3) and describes a denial-of-service condition caused by processing multiple ChangeCipherSpec (CCS) messages. The vulnerability exists in NSS versions prior to 3.58. Several connected advisories indicate fixes/updates to NSS (e.g., NSS 3.58+ and distr...
CVE-2015-7575
CVE-2015-7575 affects NSS (used by Mozilla Firefox) where MD5 signatures in TLS 1.2 ServerKeyExchange are accepted, enabling potential MITM server impersonation. The published description notes NSS before 3.20.2 and Firefox before 43.0.2 / ESR 38.x before 38.5.2 are impacted. Debian/IBM/AIX advis...
CVE-2016-1950
CVE-2016-1950 is an NSS vulnerability: a heap-based buffer overflow in the ASN.1 DER parser allows remote code execution via crafted data in X.509 certificates. Affected NSS releases include 3.19.2.3 and 3.20.x, and 3.21.x before 3.21.1; it affects Mozilla Firefox up to 45.0 and Firefox ESR 3...
CVE-2015-7182
CVE-2015-7182: In Mozilla NSS, a heap-based overflow in the ASN.1 decoder (DER/BER handling) affects NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4. This can cause denial of service or possibly remote code execution via crafted OCTET ...
CVE-2018-12384
The CVE-2018-12384 issue affects Mozilla NSS (as used by Firefox) where handling an SSLv2-compatible ClientHello uses an all-zero random value instead of a fresh one, enabling malleability and potential information leakage in TLS 1.2 on affected NSS versions prior to 3.39. The vulnerability does ...
CVE-2009-2408
CVE-2009-2408 affects Mozilla NSS up to 3.12.2/Firefox up to 3.0.12/Thunderbird up to 2.0.0.22 and SeaMonkey up to 1.1.17. The issue is improper handling of a '\0' character in the domain name present in the certificate subject’s Common Name (CN) field of an X.509 certificate. This enables a man...
CVE-2016-2834
CVE-2016-2834 concerns Mozilla Network Security Services (NSS), as used in Mozilla Firefox, with NSS versions before 3.23. Exploitation can lead to remote code execution, memory corruption, or denial of service, per connected IBM advisories. Relevant IBM records show NSS in various IBM products (P...
CVE-2018-18508
CVE-2018-18508 affects Network Security Services (NSS) prior to 3.36.7 and prior to 3.41.1, where a malformed signature can trigger a null-dereference crash and cause a Denial of Service. The issue is caused by mishandling of signatures in NSS that leads to a crash under certain conditions when v...
CVE-2015-7183
CVE-2015-7183 is an integer overflow in the PL_ARENA_ALLOCATE path of Netscape Portable Runtime (NSPR) used by NSS. Affected NSS/NSPR versions include NSS prior to 3.19.2.1 and 3.20.x prior to 3.20.1 (as used by Firefox before 42.0 and Firefox ESR 38.x before 38.4, among others). The flaw may all...
CVE-2015-2721
CVE-2015-2721 (NSS) arises from NSS not correctly handling TLS state machine transitions, allowing a MITM to bypass forward secrecy by blocking the ServerKeyExchange message (the SMACK SKIP-TLS issue). Affected: NSS libraries used by Mozilla Firefox/Thunderbird and related products; impact includ...
CVE-2015-7181
CVE-2015-7181 affects the NSS library: the sec_asn1d_parse_leaf function in NSS before 3.19.2.1 and 3.20.x before 3.20.1 improperly restricts access to an unspecified data structure, enabling a remote attacker to crash the application or potentially execute arbitrary code via crafted OCTET STRING...
CVE-2019-17007
CVE-2019-17007 affects Network Security Services (NSS) up to version 3.43.x; a malformed Netscape Certificate Sequence can crash NSS, causing a denial of service. The connected sources confirm this vulnerability in NSS and reference the 3.44 release as the fix (NSS 3.44 release notes). Impact is ...
CVE-2017-5462
The CVE-2017-5462 issue is a DRBG generation flaw in the NSS library where the internal state V does not correctly carry bits over. This vulnerability affects Mozilla products including Thunderbird (<52.1), Firefox ESR (<52.1), Firefox (
CVE-2011-5094
CVE-2011-5094: Mozilla NSS 3.x, when SSL_ENABLE_RENEGOTIATION is set in certain ways, does not properly restrict client-initiated renegotiation within SSL/TLS. This can allow a remote attacker to induce repeated renegotiations on a single connection, causing CPU exhaustion and a potential denial...
CVE-2015-2730
CVE-2015-2730 affects Mozilla NSS (and NSS-used components such as Firefox/NSS bundles) with improper ECC multiplication handling that can enable remote signature forgery of ECDSA signatures. Connected advisories confirm the vulnerability in NSS prior to 3.19.1 and document mitigation through upg...
CVE-2014-1569
CVE-2014-1569 concerns Mozilla NSS where the definite_length_decoder did not properly validate the DER encoding length in ASN.1, enabling a remote attacker to perform data-smuggling via long encodings (e.g., 0x00) in the SEC_QuickDERDecodeItem path. Public advisories (e.g., Debian DSA-3186-1 and ...
CVE-2009-2409
CVE-2009-2409 involves MD2 use in X.509 certificate signatures across NSS, GnuTLS, and OpenSSL. Root cause: MD2 hash weaknesses allow forging/collision-based certificate spoofing; public updates disable/avoid MD2 and patch implementations. Affected components include NSS library (Firefox usage), ...
CVE-2014-1544
CVE-2014-1544 is a use-after-free in CERT_DestroyCertificate in libnss3.so (NSS) that can allow remote code execution when NSSCertificate structures are improperly removed from a trust domain. Affected: Mozilla NSS as used by Firefox before 31.0, Firefox ESR before 24.7, and Thunderbird before 24...
CVE-2012-0441
The CVE-2012-0441 issue affects the NSS ASN.1 decoder QuickDER. The flaw allows a remote attacker to trigger a denial of service (application crash) via a zero-length item in ASN.1 structures (e.g., a zero-length basic constraint or a zero-length OCSP field). Affected software includes NSS-based ...
CVE-2016-1978
CVE-2016-1978 is a use-after-free flaw in NSS related to ECDH/DHE TLS handshakes. The issue occurs in ssl3_HandleECDHServerKeyExchange and can allow a remote attacker to cause a denial of service or other impact during high memory consumption. It affects NSS before 3.21 as used in Mozill...
CVE-2017-7502
CVE-2017-7502 is a NULL pointer dereference in Mozilla NSS when the server receives empty SSLv2 messages, enabling denial of service. Connected documents confirm NSS-related impact and multiple vendor advisories (IBM PowerKVM, IBM FlashSystem V840, IBM Security Directory Suite, Debian DSA-3872-1,...
CVE-2013-1620
The CVE-2013-1620 entry concerns the TLS implementation in Mozilla NSS. It describes a timing side-channel flaw during noncompliant CBC padding (MAC check) processing for malformed TLS records, allowing remote attackers to perform distinguishing attacks and plaintext-recovery through timing ana...
CVE-2014-1490
CVE-2014-1490: A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...
CVE-2004-0826
CVE-2004-0826 affects the Netscape Network Security Services (NSS) library’s SSLv2 record parsing. The issue is a heap-based buffer overflow triggered by a modified record length field in an SSLv2 client hello, allowing a remote attacker to execute arbitrary code. Multiple advisories and OpenVAS ...
CVE-2022-3479
CVE-2022-3479 is an NSS vulnerability where the client authentication process can crash when no user certificate is present in the database, potentially causing a segmentation fault. The connected Nessus advisories (Ubuntu USN-5892-1 and SUSE advisories) note NSS-related fixes and recommend updat...
CVE-2016-1979
CVE-2016-1979 is a use-after-free vulnerability in NSS (PK11_ImportDERPrivateKeyInfoAndReturnKey) affecting NSS libraries used by Firefox prior to 45.0, with the issue triggered by crafted DER-encoded key data. Multiple connected advisories (Debian DSA/DLA entries, CentOS/CESA, and F5 advisory) c...
CVE-2007-0009
CVE-2007-0009 describes a stack-based buffer overflow in the SSLv2 handling of the Mozilla Network Security Services (NSS) library, caused by improper handling of the Client Master Key length values. This can enable remote attackers to execute arbitrary code in the context of the affected process...
CVE-2007-0008
CVE-2007-0008 is an NSS heap-based overflow caused by an integer underflow when processing an SSLv2 server message with a key too short to encrypt the Master Secret. It affects SeaMonkey, Firefox, and Thunderbird around NSS usage and was addressed by updating to fixed NSS-containing packages (e.g...
CVE-2013-0791
The connected Nessus advisories confirm CVE-2013-0791 affects Mozilla NSS and upstream products via CERT_DecodeCertPackage, allowing remote DoS through out-of-bounds reads and memory corruption when processing crafted certificates. Affected: NSS libraries and apps (Firefox before 20.0, ESR 17.x b...
CVE-2013-1739
CVE-2013-1739 affects Mozilla NSS before 3.15.2, where uninitialized data could be read during a decryption failure. This allows a remote attacker to cause a denial of service (application crash). Upstream/maintainers addressed with NSS fixes; upgrade to a patched NSS (e.g., 3.15.2+ as referenced...
CVE-2013-5605
The vulnerability affects Mozilla NSS 3.14 before 3.14.5 and 3.15 before 3.15.3, where invalid handshake packets can cause a denial of service (and possibly other impact). Affected components are NSS libraries; actions: upgrade to NSS 3.14.5 or 3.15.3 (or later) to remediate. Exploitation details...
CVE-2013-1741
Technical details for CVE-2013-1741 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2009-2404
CVE-2009-2404 corresponds to a heap overflow in the NSS regular-expression parser used by browsers and related apps when processing certificate CN fields. The issue could cause an application crash or, potentially, arbitrary code execution via crafted X.509 certificates. Public advisories in the ...
CVE-2016-8635
CVE-2016-8635 describes a small subgroup confinement attack in the Diffie-Hellman client key exchange within NSS 3.21.x, enabling potential private-key recovery. Connected docs show NSS-related advisories affecting IBM PowerKVM (PowerKVM 2.1/3.1 lines; fixes via PowerKVM updates to 2.1.1.3-65 and...
CVE-2013-1740
CVE-2013-1740 affects Mozilla NSS: the ssl_Do1stHandshake() function in libssl can be exploited when TLS False Start is enabled, allowing MITM attackers to spoof servers by presenting an arbitrary X.509 certificate. Affected NSS versions are prior to 3.15.4; exploitation could disclose unencrypte...
CVE-2006-4340
CVE-2006-4340 is a cryptographic flaw in Mozilla NSS prior to 3.11.3 (used in Firefox ≤1.5.0.7, Thunderbird ≤1.5.0.7, SeaMonkey ≤1.0.5) where RSA with exponent 3 can produce signature forgery due to improper handling of extra data in PKCS #1 v1.5 verification. This enables remote attackers to for...
CVE-2006-5462
CVE-2006-5462 affects the NSS library used by Mozilla Firefox (pre-3.11.3 NSS) and by Thunderbird/SeaMonkey in versions before the listed patched releases. The issue arises when using an RSA key with exponent 3 and corrupted/extra data in a PKCS#1 signature, enabling forgery of SSL/TLS and email ...
CVE-2013-5606
Technical details (affected product/component/versions, root cause or exploit information) are not provided in the connected documents for CVE-2013-5606. Monitor for updates.
CVE-2016-9574
CVE-2016-9574: Mozilla NSS (as used in Mozilla Firefox) is vulnerable to a remote denial-of-service during the TLS session handshake when using the SessionTicket extension and ECDHE-ECDSA. The issue is described as an error during the session handshake. This CVE requires upgrading NSS to a non-v...
CVE-2017-11697
CVE-2017-11697 affects Mozilla NSS: the __hash_open function in hash.c:229 can be abused via a crafted cert8.db to trigger a denial-of-service (floating point exception and crash) locally. The provided documents confirm the vulnerability detail but do not specify a vendor patch in the CVE entry i...
CVE-2017-11695
CVE-2017-11695: Heap-based buffer overflow in the alloc_segs function of NSS (lib/dbm/src/hash.c) used by Mozilla NSS when processing crafted cert8.db files. Exploitation is context-dependent with unspecified impact per the entry. Public details explicitly describe the overflow but do not specif...
CVE-2017-11696
CVE-2017-11696 is a heap-based buffer overflow in NSS (hash_open in lib/dbm/src/hash.c) exploitable via a crafted cert8.db file. Connected sources confirm the NSS library is affected and provide remediation guidance: upgrade to a newer NSS version, e.g., Gentoo GLSA-202003-37/GLSA 202003-37 recom...
CVE-2017-11698
CVE-2017-11698 is a heap-based buffer overflow in NSS (Mozilla Network Security Services), triggered by malformed cert8.db data in the __get_page function (lib/dbm/src/h_page.c). The effect is described as context-dependent attackers having unspecified impact, with local access required. The conn...