Page 6 of 29 results (0.014 seconds)

CVSS: 5.0EPSS: 6%CPEs: 19EXPL: 0

CVE-2013-0791 – Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)

https://notcve.org/view.php?id=CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. La función CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos provocar una denegación de servicio (fuera del terreno de juego y lectura de corrupción de memoria) a través de un certificado manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://www.mozilla.org/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 0%CPEs: 25EXPL: 0

CVE-2013-1620 – nss: TLS CBC padding timing attack

https://notcve.org/view.php?id=CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal lateral ataques a una operación de comprobación de incumplimiento MAC durante el procesamiento de malformaciones relleno CBC, que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperación de texto plano-a través de análisis estadístico de datos de tiempo de los paquetes hechos a mano, una cuestión relacionada con CVE-2013-0169. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://openwall.com/lists/oss-security/2013/02/05/24 http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201406-19.xml http://www. • CWE-203: Observable Discrepancy •

CVSS: 5.0EPSS: 10%CPEs: 198EXPL: 0

CVE-2012-0441 – nss: NSS parsing errors with zero length items

https://notcve.org/view.php?id=CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. El decodificador ASN.1 en el decodificador QuickDER en Mozilla Network Security Services (NSS) antes de v3.13.4, como se usa en Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird VSG v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un elemento de longitud cero, como lo demuestra (1) una restricción básica de longitud cero o (2) un campo de longitud cero en una respuesta de OCSP. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://secunia.com/advisories/49976 http://secunia.com/advisories/50316 http://www.debian.org/security/2012/dsa-2490 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-39.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 60%CPEs: 7EXPL: 0

CVE-2009-2404 – nss regexp heap overflow

https://notcve.org/view.php?id=CVE-2009-2404

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. Desbordamiento de búfer basado en memoria dinámica en el analizador de expresiones regulares en Mozilla NetWork Security Services (NSS) anteriores a 3.12.3 como las utilizadas en Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, y AOL Instant Messenger (AIM), permite a servidores SSL remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecución de código de su elección a través de un nombre de dominio largo en el campo Common Name (CN) en un certificado X.509, relativo a la función cert_TestHost_Name. • http://rhn.redhat.com/errata/RHSA-2009-1185.html http://secunia.com/advisories/36088 http://secunia.com/advisories/36102 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/37098 http://secunia.com/advisories/39428 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •