Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla nss vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-4421
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attack...
Mozilla Nss
9.1
CVSSv3
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly ...
Mozilla Nss
2 Github repositories
NA
CVE-2009-2409
The Network Security Services (NSS) library prior to 3.12.3, as used in Firefox; GnuTLS prior to 2.6.4 and 2.7.4; OpenSSL 0.9.8 up to and including 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote malicious users to spoof certificates by us...
Mozilla Firefox
Mozilla Nss
Mozilla Nss 3.0
Mozilla Nss 3.2
Mozilla Nss 3.2.1
Mozilla Nss 3.3
Mozilla Nss 3.3.1
Mozilla Nss 3.3.2
Mozilla Nss 3.4
Mozilla Nss 3.4.1
Mozilla Nss 3.4.2
Mozilla Nss 3.4.3
Mozilla Nss 3.5
Mozilla Nss 3.6
Mozilla Nss 3.6.1
Mozilla Nss 3.7
Mozilla Nss 3.7.1
Mozilla Nss 3.7.2
Mozilla Nss 3.7.3
Mozilla Nss 3.7.5
Mozilla Nss 3.7.7
Mozilla Nss 3.8
6.5
CVSSv3
CVE-2016-1938
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, improperly divides numbers, which might make it easier for remote malicious users to defeat cryptographic protection mechanisms by lev...
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mozilla Nss
Mozilla Firefox
9.8
CVSSv3
CVE-2021-43527
NSS (Network Security Services) versions before 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. A...
Mozilla Nss Esr
Mozilla Nss
Netapp Cloud Backup -
Netapp E-series Santricity Os Controller
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Oracle Communications Policy Management 12.6.0.0.0
Starwindsoftware Starwind Virtual San V8r13
Starwindsoftware Starwind San & Nas V8r13
NA
CVE-2012-0441
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) prior to 3.13.4, as used in Firefox 4.x up to and including 12.0, Firefox ESR 10.x prior to 10.0.5, Thunderbird 5.0 up to and including 12.0, Thunderbird ESR 10.x prior to 10.0.5, and SeaMonkey p...
Mozilla Network Security Services 3.11.2
Mozilla Seamonkey 2.0.10
Mozilla Seamonkey 1.1.10
Mozilla Network Security Services 3.6.1
Mozilla Seamonkey 2.5
Mozilla Network Security Services 3.2
Mozilla Seamonkey 2.2
Mozilla Seamonkey 2.6
Mozilla Firefox 4.0
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 2.9
Mozilla Seamonkey 2.0.13
Mozilla Seamonkey 2.8
Mozilla Seamonkey 1.1.8
Mozilla Network Security Services 3.11.4
Mozilla Seamonkey 1.0.1
Mozilla Seamonkey 1.1.7
Mozilla Thunderbird 10.0
Mozilla Firefox 8.0
Mozilla Seamonkey 2.7
Mozilla Seamonkey 1.5.0.10
Mozilla Network Security Services 3.7.7
NA
CVE-2013-5605
Mozilla Network Security Services (NSS) 3.14 prior to 3.14.5 and 3.15 prior to 3.15.3 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
Mozilla Network Security Services 3.15
Mozilla Network Security Services 3.14.1
Mozilla Network Security Services 3.15.1
Mozilla Network Security Services 3.14.3
Mozilla Network Security Services 3.14.4
Mozilla Network Security Services 3.14
Mozilla Network Security Services 3.15.2
Mozilla Network Security Services 3.14.2
NA
CVE-2013-5607
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) prior to 4.10.2, as used in Firefox prior to 25.0.1, Firefox ESR 17.x prior to 17.0.11 and 24.x prior to 24.1.1, and SeaMonkey prior to 2.22.1, allows remote malicious users to cause a d...
Mozilla Netscape Portable Runtime 4.2
Mozilla Netscape Portable Runtime 4.6
Mozilla Netscape Portable Runtime 4.6.4
Mozilla Netscape Portable Runtime 4.8.8
Mozilla Netscape Portable Runtime 4.6.8
Mozilla Netscape Portable Runtime 4.7.6
Mozilla Netscape Portable Runtime 4.10
Mozilla Netscape Portable Runtime 4.9.4
Mozilla Netscape Portable Runtime 4.3
Mozilla Netscape Portable Runtime 4.7.5
Mozilla Netscape Portable Runtime 4.7.2
Mozilla Netscape Portable Runtime 4.8.5
Mozilla Netscape Portable Runtime 4.6.5
Mozilla Netscape Portable Runtime 4.7.3
Mozilla Netscape Portable Runtime 4.6.2
Mozilla Netscape Portable Runtime 4.8.6
Mozilla Netscape Portable Runtime 4.6.7
Mozilla Netscape Portable Runtime 4.4.1
Mozilla Netscape Portable Runtime 4.2.2
Mozilla Netscape Portable Runtime 4.7
Mozilla Netscape Portable Runtime 4.9.6
Mozilla Netscape Portable Runtime 4.1.2
NA
CVE-2010-3173
The SSL implementation in Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for r...
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.9
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.1.8
Mozilla Seamonkey 1.0.1
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.5.0.10
Mozilla Seamonkey 1.0.6
Mozilla Seamonkey 1.0.9
Mozilla Seamonkey 1.1.3
Mozilla Seamonkey 2.0.4
Mozilla Seamonkey 1.0
Mozilla Seamonkey 2.0.3
Mozilla Seamonkey 2.0.2
NA
CVE-2014-1569
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) prior to 3.16.2.4 and 3.17.x prior to 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote malicious users to conduct data-smu...
Mozilla Network Security Services 3.16.2.1
Mozilla Network Security Services 3.17.2
Mozilla Network Security Services
Mozilla Network Security Services 3.17.0
Mozilla Network Security Services 3.16.2.2
Mozilla Network Security Services 3.16.2.0
Mozilla Network Security Services 3.17.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »