Lucene search: Mozilla Network Security Services*

16 matches found

CVE
added 2014/02/06 2:00 a.m., 15492 views

CVE-2014-1491

CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS

CVSS 4.3 | AI score 8.4 | EPSS 0.04664

CVE
added 2020/10/22 8:24 p.m., 498 views

CVE-2019-17006

CVE-2019-17006: In Network Security Services (NSS) prior to 3.46, several cryptographic primitives lacked input length checks, enabling a heap-based buffer overflow that could crash the application or, per in-document wording, potentially allow code execution. The issue is associated with NSS us...

CVSS 10 | AI score 9.4 | EPSS 0.03552

CVE
added 2017/05/11 1:00 a.m., 354 views

CVE-2017-5461

CVE-2017-5461 affects Mozilla NSS. The vulnerability is an out-of-bounds write in Base64 decoding due to insufficient memory allocation, allowing a remote attacker to crash or potentially execute arbitrary code via a crafted certificate. Affected NSS versions include 3.21.4, 3.22.x–3.28.x before ...

CVSS 9.8 | AI score 9.1 | EPSS 0.04741

CVE
added 2019/05/02 4:40 p.m., 344 views

CVE-2018-12404

CVE-2018-12404 is a cache side-channel/Bleichenbacher variant affecting NSS TLS PKCS#1 v1.5 padding that could allow decryption of content. The vulnerability affects NSS versions prior to 3.41 (per the connected IBM/DEBIAN/ALAS advisories) and is addressed by upgrading NSS components to a fixed ...

CVSS 5.9 | AI score 5.9 | EPSS 0.44398

CVE
added 2020/10/20 12:00 a.m., 315 views

CVE-2020-25648

CVE-2020-25648 affects the NSS library (TLS 1.3) and describes a denial-of-service condition caused by processing multiple ChangeCipherSpec (CCS) messages. The vulnerability exists in NSS versions prior to 3.58. Several connected advisories indicate fixes/updates to NSS (e.g., NSS 3.58+ and distr...

CVSS 7.5 | AI score 7.2 | EPSS 0.03854

CVE
added 2019/04/29 2:22 p.m., 250 views

CVE-2018-12384

The CVE-2018-12384 issue affects Mozilla NSS (as used by Firefox) where handling an SSLv2-compatible ClientHello uses an all-zero random value instead of a fresh one, enabling malleability and potential information leakage in TLS 1.2 on affected NSS versions prior to 3.39. The vulnerability does ...

CVSS 5.9 | AI score 5.9 | EPSS 0.01496

CVE
added 2009/07/30 7:00 p.m., 237 views

CVE-2009-2408

CVE-2009-2408 affects Mozilla NSS up to 3.12.2, Firefox up to 3.0.12, Thunderbird up to 2.0.0.22 and SeaMonkey up to 1.1.17. The issue is improper handling of a '\0' character in the domain name present in the certificate subject’s Common Name (CN) field of an X.509 certificate. This enables a man...

CVSS 6.8 | AI score 6.1 | EPSS 0.05741

CVE
added 2020/10/22 8:14 p.m., 233 views

CVE-2018-18508

CVE-2018-18508 affects Network Security Services (NSS) prior to 3.36.7 and prior to 3.41.1, where a malformed signature can trigger a null-dereference crash and cause a Denial of Service. The issue is caused by mishandling of signatures in NSS that leads to a crash under certain conditions when v...

CVSS 6.5 | AI score 6.3 | EPSS 0.01956

CVE
added 2020/10/22 8:28 p.m., 220 views

CVE-2019-17007

CVE-2019-17007 affects Network Security Services (NSS) up to version 3.43.x; a malformed Netscape Certificate Sequence can crash NSS, causing a denial of service. The connected sources confirm this vulnerability in NSS and reference the 3.44 release as the fix (NSS 3.44 release notes). Impact is ...

CVSS 7.5 | AI score 7.2 | EPSS 0.01382

CVE
added 2018/06/11 9:00 p.m., 216 views

CVE-2017-5462

The CVE-2017-5462 issue is a DRBG generation flaw in the NSS library where the internal state V does not correctly carry bits over. This vulnerability affects Mozilla products including Thunderbird (<52.1), Firefox ESR (<52.1), Firefox (

CVSS 5.3 | AI score 6.4 | EPSS 0.02642

CVE
added 2009/07/30 7:00 p.m., 194 views

CVE-2009-2409

CVE-2009-2409 involves MD2 use in X.509 certificate signatures across NSS, GnuTLS, and OpenSSL. Root cause: MD2 hash weaknesses allow forging/collision-based certificate spoofing; public updates disable/avoid MD2 and patch implementations. Affected components include NSS library (Firefox usage), ...

CVSS 5.1 | AI score 5.8 | EPSS 0.04506

CVE
added 2013/02/08 7:00 p.m., 178 views

CVE-2013-1620

The CVE-2013-1620 entry concerns the TLS implementation in Mozilla NSS. It describes a timing side-channel flaw during noncompliant CBC padding (MAC check) processing for malformed TLS records, allowing remote attackers to perform distinguishing attacks and plaintext recovery through timing ana...

CVSS 4.3 | AI score 6.7 | EPSS 0.03723

CVE
added 2014/02/06 2:00 a.m., 171 views

CVE-2014-1490

CVE-2014-1490: A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

CVSS 9.3 | AI score 8.8 | EPSS 0.0399

CVE
added 2007/02/26 8:00 p.m., 147 views

CVE-2007-0009

CVE-2007-0009 describes a stack-based buffer overflow in the SSLv2 handling of the Mozilla Network Security Services (NSS) library, caused by improper handling of the Client Master Key length values. This can enable remote attackers to execute arbitrary code in the context of the affected process...

CVSS 6.8 | AI score 7.9 | EPSS 0.5036

CVE
added 2013/04/03 10:00 a.m., 140 views

CVE-2013-0791

The connected Nessus advisories confirm CVE-2013-0791 affects Mozilla NSS and upstream products via CERT_DecodeCertPackage, allowing remote DoS through out-of-bounds reads and memory corruption when processing crafted certificates. Affected: NSS libraries and apps (Firefox before 20.0, ESR 17.x b...

CVSS 5 | AI score 5.5 | EPSS 0.05213

CVE
added 2018/07/19 1:00 p.m., 82 views

CVE-2016-9574

CVE-2016-9574: Mozilla NSS (as used in Mozilla Firefox) is vulnerable to a remote denial-of-service during the TLS session handshake when using the SessionTicket extension and ECDHE-ECDSA. The issue is described as an error during the session handshake. This CVE requires upgrading NSS to a non-v...

CVSS 5.9 | AI score 6.2 | EPSS 0.01405