16 matches found
CVE-2014-1491
CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS
CVE-2019-17006
CVE-2019-17006: In Network Security Services (NSS) prior to 3.46, several cryptographic primitives lacked input length checks, enabling a heap-based buffer overflow that could crash the application or, per the description, potentially allow code execution. The issue is associated with NSS us...
CVE-2017-5461
CVE-2017-5461 affects Mozilla NSS. The vulnerability is an out-of-bounds write in Base64 decoding due to insufficient memory allocation, allowing a remote attacker to crash or potentially execute arbitrary code via a crafted certificate. Affected NSS versions include 3.21.4, 3.22.x–3.28.x before ...
CVE-2018-12404
CVE-2018-12404 is a cached side‑channel/Bleichenbacher variant affecting NSS TLS PKCS#1 v1.5 padding that could allow decryption of content. The vulnerability affects NSS versions prior to 3.41 (per the connected IBM/DEBIAN/ALAS advisories) and is addressed by upgrading NSS components to a fixed ...
CVE-2020-25648
CVE-2020-25648 affects the NSS library (TLS 1.3) and describes a denial-of-service condition caused by processing multiple ChangeCipherSpec (CCS) messages. The vulnerability exists in NSS versions prior to 3.58. Several connected advisories indicate fixes/updates to NSS (e.g., NSS 3.58+ and distr...
CVE-2018-12384
The CVE-2018-12384 issue affects Mozilla NSS (as used by Firefox) where handling an SSLv2-compatible ClientHello uses an all-zero random value instead of a fresh one, enabling malleability and potential information leakage in TLS 1.2 on affected NSS versions prior to 3.39. The vulnerability does ...
CVE-2009-2408
CVE-2009-2408 affects Mozilla NSS up to 3.12.2, Firefox up to 3.0.12, Thunderbird up to 2.0.0.22 and SeaMonkey up to 1.1.17. The issue is improper handling of a '\0' character in the domain name present in the certificate subject’s Common Name (CN) field of an X.509 certificate. This enables a man...
CVE-2018-18508
CVE-2018-18508 affects Network Security Services (NSS) prior to 3.36.7 and prior to 3.41.1, where a malformed signature can trigger a null-dereference crash and cause a Denial of Service. The issue is caused by mishandling of signatures in NSS that leads to a crash under certain conditions when v...
CVE-2019-17007
CVE-2019-17007 affects Network Security Services (NSS) up to version 3.43.x; a malformed Netscape Certificate Sequence can crash NSS, causing a denial of service. The connected sources confirm this vulnerability in NSS and reference the 3.44 release as the fix (NSS 3.44 release notes). Impact is ...
CVE-2017-5462
The CVE-2017-5462 issue is a DRBG generation flaw in the NSS library where the internal state V does not correctly carry bits over. This vulnerability affects Mozilla products including Thunderbird (<52.1), Firefox ESR (<52.1), Firefox (
CVE-2009-2409
CVE-2009-2409 involves MD2 use in X.509 certificate signatures across NSS, GnuTLS, and OpenSSL. Root cause: MD2 hash weaknesses allow forging/collision-based certificate spoofing; public updates disable/avoid MD2 and patch implementations. Affected components include NSS library (Firefox usage), ...
CVE-2013-1620
The CVE-2013-1620 entry concerns the TLS implementation in Mozilla NSS. It describes a timing side-channel flaw in the processing of noncompliant CBC padding (MAC check) for malformed TLS records, allowing remote attackers to perform distinguishing attacks and plaintext-recovery through timing ana...
CVE-2014-1490
CVE-2014-1490: A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...
CVE-2007-0009
CVE-2007-0009 describes a stack-based buffer overflow in the SSLv2 handling of the Mozilla Network Security Services (NSS) library, caused by improper handling of the Client Master Key length values. This can enable remote attackers to execute arbitrary code in the context of the affected process...
CVE-2013-0791
The connected Nessus advisories confirm CVE-2013-0791 affects Mozilla NSS and upstream products via CERT_DecodeCertPackage, allowing remote DoS through out-of-bounds reads and memory corruption when processing crafted certificates. Affected: NSS libraries and apps (Firefox before 20.0, ESR 17.x b...
CVE-2016-9574
CVE-2016-9574: Mozilla NSS (as used in Mozilla Firefox) is vulnerable to a remote denial-of-service during the TLS session handshake when using the SessionTicket extension and ECDHE-ECDSA. The issue is described as an error during the session handshake. This CVE requires upgrading NSS to a non-v...