Vulnerabilities (CVE)

Vendor filter

Mozilla Subscribe

Product filter

Network Security Services Subscribe

Filter

46 total CVE
CVE Vendors Products Updated CVSS
CVE-2013-1620 1 Mozilla 1 Network Security Services 2018-10-09 4.3
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to...
CVE-2009-2404 1 Mozilla 1 Network Security Services 2018-10-03 9.3
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause...
CVE-2017-5461 1 Mozilla 1 Network Security Services 2018-09-20 7.5
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified...
CVE-2018-12433 11 Botan Project, Cryptlib, Gnupg and 8 more 11 Botan, Cryptlib, Libgcrypt and 8 more 2018-08-09 1.9
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a...
CVE-2018-12437 11 Botan Project, Cryptlib, Gnupg and 8 more 11 Botan, Cryptlib, Libgcrypt and 8 more 2018-08-09 1.9
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual...
CVE-2018-12438 11 Botan Project, Cryptlib, Gnupg and 8 more 11 Botan, Cryptlib, Libgcrypt and 8 more 2018-08-09 1.9
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the...
CVE-2012-0441 1 Mozilla 6 Firefox Esr, Seamonkey, Thunderbird and 3 more 2018-01-18 5.0
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and...
CVE-2017-11698 1 Mozilla 1 Network Security Services 2018-01-10 4.6
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11697 1 Mozilla 1 Network Security Services 2018-01-10 4.6
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
CVE-2017-11696 1 Mozilla 1 Network Security Services 2018-01-10 4.6
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11695 1 Mozilla 1 Network Security Services 2018-01-10 4.6
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-7502 1 Mozilla 1 Network Security Services 2018-01-05 5.0
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
CVE-2015-2721 5 Mozilla, Debian, Oracle and 2 more 8 Ubuntu Linux, Suse Linux Enterprise Software Development Kit, Debian Linux and 5 more 2018-01-05 4.3
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS...
CVE-2016-1979 1 Mozilla 2 Firefox, Network Security Services 2017-11-04 6.8
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or...
CVE-2016-1978 1 Mozilla 2 Firefox, Network Security Services 2017-11-04 7.5
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have...
CVE-2015-7182 2 Mozilla, Oracle 8 Glassfish Server, Firefox Esr, Iplanet Web Proxy Server and 5 more 2017-11-04 7.5
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to...
CVE-2015-7181 1 Mozilla 3 Firefox, Firefox Esr, Network Security Services 2017-11-04 7.5
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an...
CVE-2015-7183 1 Mozilla 3 Firefox, Firefox Esr, Network Security Services 2017-10-20 7.5
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and...
CVE-2006-5462 1 Mozilla 4 Firefox, Thunderbird, Seamonkey and 1 more 2017-10-11 6.4
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a...
CVE-2014-1569 1 Mozilla 1 Network Security Services 2017-09-22 7.5
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote...