CVSS: 7.5EPSS: 10%CPEs: 3EXPL: 0CVE-2013-1741 – nss: Integer truncation in certificate parsing (MFSA 2013-103)
https://notcve.org/view.php?id=CVE-2013-1741
16 Nov 2013 — Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Desbordamiento de enteros en Mozilla Network Security Services (NSS) 3.15.3 anterior 3.15 que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de gran tamaño. Network Security Services is a set of libraries designed to support t... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 11%CPEs: 20EXPL: 0CVE-2013-1739 – nss: Avoid uninitialized data read in the event of a decryption failure
https://notcve.org/view.php?id=CVE-2013-1739
22 Oct 2013 — Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Mozilla Network Security Services (NSS) en versiones anteriores a 3.15.2 no asegura que las estructuras de datos estén inicializadas antes de las operaciones de lectura, lo que permite a atacantes remotos provocar una denegación de s... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 •
CVSS: 7.5EPSS: 5%CPEs: 19EXPL: 0CVE-2013-0791 – Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)
https://notcve.org/view.php?id=CVE-2013-0791
03 Apr 2013 — The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. La función CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
08 Feb 2013 — The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 3%CPEs: 23EXPL: 0CVE-2011-5094
https://notcve.org/view.php?id=CVE-2011-5094
16 Jun 2012 — Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to pr... • http://orchilles.com/2011/03/ssl-renegotiation-dos.html •
CVSS: 7.5EPSS: 10%CPEs: 198EXPL: 0CVE-2012-0441 – nss: NSS parsing errors with zero length items
https://notcve.org/view.php?id=CVE-2012-0441
05 Jun 2012 — The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. El decodificador ASN.1 en el decodificador QuickDER... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 38%CPEs: 7EXPL: 0CVE-2009-2404 – nss regexp heap overflow
https://notcve.org/view.php?id=CVE-2009-2404
03 Aug 2009 — Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. Desbordamiento de búfer basado en memoria dinámica en el an... • http://rhn.redhat.com/errata/RHSA-2009-1185.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
30 Jul 2009 — Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v... • http://isc.sans.org/diary.html?storyid=7003 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 91%CPEs: 10EXPL: 0CVE-2007-0009 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0009
26 Feb 2007 — Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Un desbordamiento de búfer en la región stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a v... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 96%CPEs: 86EXPL: 0CVE-2007-0008 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0008
26 Feb 2007 — Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Un subdesbordamiento de enteros en el sopor... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-189: Numeric Errors •