Lucene search

K
MozillaNetwork Security Services

51 matches found

CVE
CVE
added 2014/03/25 1:25 p.m.12450 views

CVE-2014-1492

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...

4.3CVSS7.1AI score0.00852EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.12371 views

CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS8.4AI score0.0011EPSS
CVE
CVE
added 2015/05/21 12:59 a.m.1158 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.93647EPSS
In wild
CVE
CVE
added 2020/10/22 9:15 p.m.470 views

CVE-2019-17006

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

10CVSS9.4AI score0.00454EPSS
CVE
CVE
added 2017/05/11 1:29 a.m.316 views

CVE-2017-5461

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

9.8CVSS9.1AI score0.01411EPSS
CVE
CVE
added 2019/05/02 5:29 p.m.314 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

5.9CVSS5.9AI score0.14734EPSS
CVE
CVE
added 2014/09/25 5:55 p.m.288 views

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1...

7.5CVSS5.3AI score0.41418EPSS
CVE
CVE
added 2020/10/20 10:15 p.m.272 views

CVE-2020-25648

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This fla...

7.5CVSS7.2AI score0.00123EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.243 views

CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possib...

9.8CVSS10AI score0.18408EPSS
CVE
CVE
added 2016/01/09 2:59 a.m.243 views

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof se...

5.9CVSS6.1AI score0.02005EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.226 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.01752EPSS
CVE
CVE
added 2019/04/29 3:29 p.m.226 views

CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.

5.9CVSS5.9AI score0.00865EPSS
CVE
CVE
added 2020/10/22 9:15 p.m.213 views

CVE-2018-18508

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

6.5CVSS6.3AI score0.00315EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.208 views

CVE-2015-7183

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute ar...

7.5CVSS9.4AI score0.18188EPSS
CVE
CVE
added 2020/10/22 9:15 p.m.201 views

CVE-2019-17007

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

7.5CVSS7.2AI score0.00276EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.196 views

CVE-2016-2834

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

9.3CVSS8.5AI score0.01552EPSS
CVE
CVE
added 2009/07/30 7:30 p.m.193 views

CVE-2009-2408

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers t...

6.8CVSS6.1AI score0.01236EPSS
Web
CVE
CVE
added 2015/07/06 2:0 a.m.182 views

CVE-2015-2721

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attack...

4.3CVSS4.1AI score0.00516EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.181 views

CVE-2015-7181

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to c...

7.5CVSS9.4AI score0.24811EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.180 views

CVE-2017-5462

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerabili...

5.3CVSS6.4AI score0.01072EPSS
CVE
CVE
added 2014/12/15 6:59 p.m.167 views

CVE-2014-1569

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a lon...

7.5CVSS3.8AI score0.02629EPSS
Web
CVE
CVE
added 2012/06/16 9:55 p.m.163 views

CVE-2011-5094

Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by pe...

4.3CVSS6.5AI score0.81565EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.159 views

CVE-2016-1978

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2...

7.5CVSS8.1AI score0.02754EPSS
CVE
CVE
added 2009/07/30 7:30 p.m.154 views

CVE-2009-2409

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash c...

5.1CVSS5.8AI score0.02005EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.154 views

CVE-2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof EC...

4.3CVSS4.3AI score0.0034EPSS
CVE
CVE
added 2017/05/30 6:29 p.m.154 views

CVE-2017-7502

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

7.5CVSS7.3AI score0.04527EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.144 views

CVE-2004-0826

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

7.5CVSS7.7AI score0.02995EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.143 views

CVE-2014-1544

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger ce...

10CVSS9.4AI score0.03216EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.138 views

CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a de...

5CVSS9.1AI score0.03581EPSS
CVE
CVE
added 2013/02/08 7:55 p.m.137 views

CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.7AI score0.00882EPSS
CVE
CVE
added 2022/10/14 5:15 p.m.137 views

CVE-2022-3479

A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.

7.5CVSS7.3AI score0.00222EPSS
CVE
CVE
added 2019/11/15 4:15 p.m.135 views

CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5CVSS7.2AI score0.00646EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.122 views

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possi...

9.3CVSS8.8AI score0.00915EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.120 views

CVE-2016-1979

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data...

8.8CVSS9.1AI score0.00905EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.116 views

CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial...

5CVSS5.5AI score0.00584EPSS
CVE
CVE
added 2018/08/01 1:29 p.m.111 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

5.9CVSS6.3AI score0.00443EPSS
CVE
CVE
added 2013/11/18 5:23 a.m.107 views

CVE-2013-1741

Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.

7.5CVSS6.3AI score0.02604EPSS
CVE
CVE
added 2013/10/22 10:55 p.m.105 views

CVE-2013-1739

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.

5CVSS6.7AI score0.02647EPSS
CVE
CVE
added 2007/02/26 8:28 p.m.104 views

CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attac...

6.8CVSS7.9AI score0.48677EPSS
CVE
CVE
added 2013/11/18 5:23 a.m.103 views

CVE-2013-5605

Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.

7.5CVSS6.2AI score0.0279EPSS
CVE
CVE
added 2006/09/15 6:7 p.m.99 views

CVE-2006-4340

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

4CVSS6.1AI score0.12793EPSS
CVE
CVE
added 2007/02/26 8:28 p.m.98 views

CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to ex...

6.8CVSS7.4AI score0.16866EPSS
CVE
CVE
added 2013/11/18 5:23 a.m.96 views

CVE-2013-5606

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access r...

5.8CVSS5.3AI score0.00661EPSS
CVE
CVE
added 2006/11/08 9:7 p.m.94 views

CVE-2006-5462

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS5.6AI score0.12793EPSS
CVE
CVE
added 2009/08/03 2:30 p.m.89 views

CVE-2009-2404

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly ...

9.3CVSS7.1AI score0.21024EPSS
CVE
CVE
added 2014/01/18 10:55 p.m.83 views

CVE-2013-1740

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

5.8CVSS5.6AI score0.01047EPSS
CVE
CVE
added 2018/07/19 1:29 p.m.67 views

CVE-2016-9574

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.

5.9CVSS6.2AI score0.00184EPSS
CVE
CVE
added 2017/12/27 7:29 p.m.67 views

CVE-2017-11697

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

7.8CVSS7.2AI score0.00113EPSS
CVE
CVE
added 2017/12/27 7:29 p.m.63 views

CVE-2017-11695

Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

7.8CVSS8AI score0.00094EPSS
CVE
CVE
added 2017/12/27 7:29 p.m.56 views

CVE-2017-11696

Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

7.8CVSS8AI score0.00094EPSS
Total number of security vulnerabilities51