Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11778

HistoryJan 15, 2019 - 9:07 a.m.

Spoofable ECDSA Signatures

2019-01-1509:07:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

nss-softokn is vulnerable to spoofable ECDSA signatures. The vulnerability exists as Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.

CPENameOperatorVersion
nss-softokneq3.12.9__11.el6
nss-softokneq3.14.3__18.el6_6
nss-softokneq3.12.9__3.el6
nss-softokneq3.14.3__12.el6_5
nss-softokneq3.12.8__1.el6_0
nss-softokneq3.14.3__3.el6_4
nss-softokneq3.14.3__19.el6_6
nss-softokneq3.14.3__9.el6
nss-softokneq3.14.3__17.el6
nss-softokneq3.14.3__4.el6_4

Rows per page:

1-10 of 461

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1664.html

rhn.redhat.com/errata/RHSA-2015-1699.html

www.debian.org/security/2015/dsa-3336

www.mozilla.org/security/announce/2015/mfsa2015-64.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/75541

www.securityfocus.com/bid/83399

www.securitytracker.com/id/1032783

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2672-1

access.redhat.com/security/updates/classification/#moderate

bugzilla.mozilla.org/show_bug.cgi?id=1125025

developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

rhn.redhat.com/errata/RHSA-2015-1699.html

security.gentoo.org/glsa/201512-10

www.mozilla.org/en-US/security/advisories/mfsa2015-64/

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for VERACODE:11778

prion1 oraclelinux3 openvas28 ibm9 f52 nessus31 debiancve1 ubuntucve1 redhat2 mozilla1 cve1 centos2 amazon1 cvelist1 ubuntu3 debian3 osv2 mageia1 suse6 freebsd1 securityvulns1 gentoo1