Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla network security services 3.6 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-11727
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag...
Mozilla Firefox
5
CVSSv2
CVE-2012-0441
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) prior to 3.13.4, as used in Firefox 4.x up to and including 12.0, Firefox ESR 10.x prior to 10.0.5, Thunderbird 5.0 up to and including 12.0, Thunderbird ESR 10.x prior to 10.0.5, and SeaMonkey p...
Mozilla Firefox 4.0
Mozilla Firefox 5.0
Mozilla Firefox 5.0.1
Mozilla Firefox 8.0.1
Mozilla Firefox 9.0.1
Mozilla Firefox Esr 10.0
Mozilla Firefox Esr 10.0.1
Mozilla Thunderbird 6.0.2
Mozilla Thunderbird 7.0.1
Mozilla Thunderbird 10.0.1
Mozilla Thunderbird 10.0
Mozilla Thunderbird 10.0.4
Mozilla Thunderbird Esr 10.0.4
Mozilla Seamonkey
Mozilla Seamonkey 2.8
Mozilla Seamonkey 2.7
Mozilla Seamonkey 2.6.1
Mozilla Seamonkey 2.5
Mozilla Seamonkey 2.4
Mozilla Seamonkey 2.3
Mozilla Firefox 7.0
Mozilla Firefox 8.0
4.3
CVSSv2
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Fi...
Mozilla Firefox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2014-1492
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) prior to 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the...
Mozilla Network Security Services 3.15.3.1
Mozilla Network Security Services 3.12
Mozilla Network Security Services 3.12.1
Mozilla Network Security Services 3.12.4
Mozilla Network Security Services 3.12.5
Mozilla Network Security Services 3.14.3
Mozilla Network Security Services 3.14.4
Mozilla Network Security Services 3.2.1
Mozilla Network Security Services 3.3
Mozilla Network Security Services 3.6
Mozilla Network Security Services 3.6.1
Mozilla Network Security Services 3.7
Mozilla Network Security Services 3.11.4
Mozilla Network Security Services 3.11.5
Mozilla Network Security Services 3.12.3.1
Mozilla Network Security Services 3.9
Mozilla Network Security Services 3.12.3.2
Mozilla Network Security Services 3.14.1
Mozilla Network Security Services 3.14.2
Mozilla Network Security Services 3.15.3
Mozilla Network Security Services 3.2
Mozilla Network Security Services 3.4.2
4.3
CVSSv2
CVE-2011-5094
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote malicious users to cause a denial of servic...
Mozilla Network Security Services 3.11.2
Mozilla Network Security Services 3.6.1
Mozilla Network Security Services 3.2
Mozilla Network Security Services 3.11.4
Mozilla Network Security Services 3.7.7
Mozilla Network Security Services 3.7.5
Mozilla Network Security Services 3.7.1
Mozilla Network Security Services 3.6
Mozilla Network Security Services 3.2.1
Mozilla Network Security Services 3.9
Mozilla Network Security Services 3.4
Mozilla Network Security Services 3.8
Mozilla Network Security Services 3.4.1
Mozilla Network Security Services 3.11.5
Mozilla Network Security Services 3.7
Mozilla Network Security Services 3.7.2
Mozilla Network Security Services 3.3
Mozilla Network Security Services 3.7.3
Mozilla Network Security Services 3.4.2
Mozilla Network Security Services 3.3.2
Mozilla Network Security Services 3.5
Mozilla Network Security Services 3.11.3
4.3
CVSSv2
CVE-2010-3170
Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle malici...
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.9
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.1.1
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey 1.1.15
Mozilla Seamonkey 1.1.16
Mozilla Seamonkey 1.1.5
Mozilla Seamonkey 1.1.6
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.5.0.9
Mozilla Seamonkey 2.0
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.0.1
1.9
CVSSv2
CVE-2020-12401
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
1.2
CVSSv2
CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
1.2
CVSSv2
CVE-2020-12402
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the rec...
Mozilla Firefox
Opensuse Leap 15.1
Fedoraproject Fedora 32
Opensuse Leap 15.2
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2