CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2016-1978 – nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
https://notcve.org/view.php?id=CVE-2016-1978
13 Mar 2016 — Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. Vulnerabilidad de uso después de liberación de memoria en la función ssl3_HandleECDHServerKeyExchange en Mozilla Network Security Services (NSS) en versiones... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 0CVE-2016-1979 – nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
https://notcve.org/view.php?id=CVE-2016-1979
13 Mar 2016 — Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. Vulnerabilidad de uso después de liberación de memoria en la función PK11_ImportDERPrivateKeyInfoAndReturnKey en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21.1, como s... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2015-7575 – TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
https://notcve.org/view.php?id=CVE-2015-7575
07 Jan 2016 — Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html • CWE-19: Data Processing Errors •
CVSS: 8.4EPSS: 6%CPEs: 11EXPL: 0CVE-2015-7181 – nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7181
04 Nov 2015 — The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. La función sec_asn1d_parse_leaf en Mozilla Network Security Ser... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-7182 – nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7182
04 Nov 2015 — Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 ... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2015-7183 – nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7183
04 Nov 2015 — Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Desbordamiento de entero en la implementación de PL_ARENA_ALLOCATE en Netscape Portable Runtime (NSPR) e... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-2730 – NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
https://notcve.org/view.php?id=CVE-2015-2730
06 Jul 2015 — Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros pro... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 4CVE-2014-1569 – Mandriva Linux Security Advisory 2014-252
https://notcve.org/view.php?id=CVE-2014-1569
15 Dec 2014 — The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. La función definite_length_decoder en lib/util/quickder.c en Moz... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html •
CVSS: 9.8EPSS: 3%CPEs: 233EXPL: 0CVE-2014-1568 – nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
https://notcve.org/view.php?id=CVE-2014-1568
25 Sep 2014 — Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof ... • http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 11%CPEs: 71EXPL: 0CVE-2014-1544 – nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
https://notcve.org/view.php?id=CVE-2014-1544
22 Jul 2014 — Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Vulnerabilidad de uso después de liberación en la función CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS)... • http://secunia.com/advisories/59591 • CWE-416: Use After Free •