Vulnerabilities (CVE)

Vendor filter

Mozilla Subscribe

Product filter

Network Security Services Subscribe

Filter

46 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-9574 1 Mozilla 1 Network Security Services 2019-10-09 4.3
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2016-8635 2 Mozilla, Redhat 7 Network Security Services, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 4.3
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2007-0009 3 Mozilla, Canonical, Debian 6 Firefox, Seamonkey, Thunderbird and 3 more 2019-10-09 6.8
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System...
CVE-2017-5462 2 Mozilla, Debian 5 Firefox, Firefox Esr, Network Security Services and 2 more 2019-10-03 5.0
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has...
CVE-2018-12404 1 Mozilla 1 Network Security Services 2019-07-20 4.3
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
CVE-2018-12384 1 Mozilla 1 Network Security Services 2019-05-03 4.3
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS...
CVE-2016-1950 5 Mozilla, Apple, Oracle and 2 more 15 Glassfish Server, Firefox Esr, Iplanet Web Proxy Server and 12 more 2019-03-08 6.8
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code...
CVE-2015-7575 4 Mozilla, Canonical, Novell and 1 more 8 Ubuntu Linux, Leap, Firefox Esr and 5 more 2018-10-30 4.3
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes...
CVE-2016-2834 4 Mozilla, Canonical, Novell and 1 more 10 Ubuntu Linux, Leap, Suse Linux Enterprise Software Development Kit and 7 more 2018-10-30 9.3
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2014-1490 5 Suse, Mozilla, Fedoraproject and 2 more 11 Firefox Esr, Fedora, Suse Linux Enterprise Desktop and 8 more 2018-10-30 5.0
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers...
CVE-2006-4340 1 Mozilla 4 Firefox, Seamonkey, Thunderbird and 1 more 2018-10-17 4.0
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a...
CVE-2007-0008 1 Mozilla 4 Firefox, Thunderbird, Seamonkey and 1 more 2018-10-16 6.8
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server...
CVE-2014-1492 1 Mozilla 1 Network Security Services 2018-10-09 4.3
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label,...
CVE-2014-1491 1 Mozilla 5 Firefox, Seamonkey, Thunderbird and 2 more 2018-10-09 5.0
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in...
CVE-2013-5606 1 Mozilla 1 Network Security Services 2018-10-09 5.8
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which...
CVE-2013-5605 1 Mozilla 1 Network Security Services 2018-10-09 7.5
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
CVE-2013-1741 1 Mozilla 1 Network Security Services 2018-10-09 7.5
Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.
CVE-2013-1740 1 Mozilla 1 Network Security Services 2018-10-09 5.8
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509...
CVE-2013-1739 1 Mozilla 1 Network Security Services 2018-10-09 5.0
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...