Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla network security services vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Fi...
Mozilla Firefox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2016-1938
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, improperly divides numbers, which might make it easier for remote malicious users to defeat cryptographic protection mechanisms by lev...
Opensuse Opensuse 13.1
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Mozilla Nss
Mozilla Firefox
5.9
CVSSv3
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Mozilla Network Security Services
5.9
CVSSv3
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact T...
Mozilla Network Security Services
1 Github repository
5.9
CVSSv3
CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote malicious users to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Oracle Communications Application Session Controller
Oracle Http Server 11.1.1.7.0
Oracle Http Server 11.1.1.9.0
Oracle Http Server 12.1.3.0.0
Oracle Http Server 12.2.1.1.0
Oracle Http Server 12.2.1.2.0
Oracle Integrated Lights Out Manager Firmware
Fujitsu Sparc Enterprise M3000 Firmware
Fujitsu Sparc Enterprise M4000 Firmware
Fujitsu Sparc Enterprise M5000 Firmware
Fujitsu Sparc Enterprise M8000 Firmware
Fujitsu Sparc Enterprise M9000 Firmware
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
1 Github repository
5.9
CVSSv3
CVE-2009-2408
Mozilla Network Security Services (NSS) prior to 3.12.3, Firefox prior to 3.0.13, Thunderbird prior to 2.0.0.23, and SeaMonkey prior to 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, ...
Mozilla Network Security Services
Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Suse Linux Enterprise Server 9
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Opensuse Opensuse
Debian Debian Linux 5.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
5.3
CVSSv3
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been com...
Mozilla Firefox
5.3
CVSSv3
CVE-2019-11727
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag...
Mozilla Firefox
5.3
CVSSv3
CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28....
Debian Debian Linux 8.0
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Mozilla Network Security Services
Mozilla Firefox Esr 52.0
4.7
CVSSv3
CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »