Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla network security services vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Mozilla Network Security Services
4.3
CVSSv2
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact T...
Mozilla Network Security Services
1 Github repository
5
CVSSv2
CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28....
Debian Debian Linux 8.0
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Mozilla Network Security Services
Mozilla Firefox Esr 52.0
4.6
CVSSv2
CVE-2017-11697
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent malicious users to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
Mozilla Network Security Services -
4.6
CVSSv2
CVE-2017-11696
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent malicious users to have unspecified impact using a crafted cert8.db file.
Mozilla Network Security Services -
4.6
CVSSv2
CVE-2017-11698
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent malicious users to have unspecified impact using a crafted cert8.db file.
Mozilla Network Security Services -
4.6
CVSSv2
CVE-2017-11695
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent malicious users to have unspecified impact using a crafted cert8.db file.
Mozilla Network Security Services -
5
CVSSv2
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
Mozilla Network Security Services 3.25.0
Mozilla Network Security Services 3.29.1
Mozilla Network Security Services 3.29.0
Mozilla Network Security Services 3.30.0
Mozilla Network Security Services 3.29.2
Mozilla Network Security Services 3.25.1
Mozilla Network Security Services 3.28.1
Mozilla Network Security Services 3.26.2
Mozilla Network Security Services 3.30.1
Mozilla Network Security Services 3.24.0
Mozilla Network Security Services 3.27.0
Mozilla Network Security Services 3.29.3
Mozilla Network Security Services 3.28.0
Mozilla Network Security Services 3.27.2
Mozilla Network Security Services 3.28.3
Mozilla Network Security Services 3.28.2
Mozilla Network Security Services 3.27.1
Mozilla Network Security Services 3.26.0
6.8
CVSSv2
CVE-2016-1950
Heap-based buffer overflow in Mozilla Network Security Services (NSS) prior to 3.19.2.3 and 3.20.x and 3.21.x prior to 3.21.1, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to execute arbitrary code via crafted ASN.1 da...
Mozilla Network Security Services 3.21
Mozilla Network Security Services 3.19.2
Mozilla Network Security Services 3.20
Mozilla Network Security Services 3.20.1
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Oracle Linux 5.0
Oracle Vm Server 3.2
Oracle Linux 7
Oracle Linux 6
7.5
CVSSv2
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, allows remote malicious users to cause a denial of service or possibly have unspecified other impact b...
Mozilla Firefox
Mozilla Network Security Services
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »