Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla network security services vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-15666
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to infe...
Mozilla Firefox
383
VMScore
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
383
VMScore
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Fi...
Mozilla Firefox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
383
VMScore
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact T...
Mozilla Network Security Services
1 Github repository
383
VMScore
CVE-2014-1492
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) prior to 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the...
Mozilla Network Security Services 3.15.3.1
Mozilla Network Security Services 3.12
Mozilla Network Security Services 3.12.1
Mozilla Network Security Services 3.12.4
Mozilla Network Security Services 3.12.5
Mozilla Network Security Services 3.14.3
Mozilla Network Security Services 3.14.4
Mozilla Network Security Services 3.2.1
Mozilla Network Security Services 3.3
Mozilla Network Security Services 3.6
Mozilla Network Security Services 3.6.1
Mozilla Network Security Services 3.7
Mozilla Network Security Services 3.11.4
Mozilla Network Security Services 3.11.5
Mozilla Network Security Services 3.12.3.1
Mozilla Network Security Services 3.9
Mozilla Network Security Services 3.12.3.2
Mozilla Network Security Services 3.14.1
Mozilla Network Security Services 3.14.2
Mozilla Network Security Services 3.15.3
Mozilla Network Security Services 3.2
Mozilla Network Security Services 3.4.2
383
VMScore
CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote malicious users to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Oracle Communications Application Session Controller
Oracle Http Server 11.1.1.7.0
Oracle Http Server 11.1.1.9.0
Oracle Http Server 12.1.3.0.0
Oracle Http Server 12.2.1.1.0
Oracle Http Server 12.2.1.2.0
Oracle Integrated Lights Out Manager Firmware
Fujitsu Sparc Enterprise M3000 Firmware
Fujitsu Sparc Enterprise M4000 Firmware
Fujitsu Sparc Enterprise M5000 Firmware
Fujitsu Sparc Enterprise M8000 Firmware
Fujitsu Sparc Enterprise M9000 Firmware
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
1 Github repository
383
VMScore
CVE-2013-1620
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and...
Mozilla Network Security Services
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Oracle Glassfish Server 2.1.1
Oracle Iplanet Web Proxy Server 4.0
Oracle Traffic Director 11.1.1.7.0
Oracle Iplanet Web Server 7.0
Oracle Vm Server 3.2
Oracle Glassfish Communications Server 2.0
Oracle Enterprise Manager Ops Center 12.1
Oracle Enterprise Manager Ops Center 12.2
Oracle Iplanet Web Server 6.1
Oracle Enterprise Manager Ops Center 11.1
Oracle Opensso 3.0-03
Oracle Traffic Director 11.1.1.6.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
383
VMScore
CVE-2011-5094
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote malicious users to cause a denial of servic...
Mozilla Network Security Services 3.11.2
Mozilla Network Security Services 3.6.1
Mozilla Network Security Services 3.2
Mozilla Network Security Services 3.11.4
Mozilla Network Security Services 3.7.7
Mozilla Network Security Services 3.7.5
Mozilla Network Security Services 3.7.1
Mozilla Network Security Services 3.6
Mozilla Network Security Services 3.2.1
Mozilla Network Security Services 3.9
Mozilla Network Security Services 3.4
Mozilla Network Security Services 3.8
Mozilla Network Security Services 3.4.1
Mozilla Network Security Services 3.11.5
Mozilla Network Security Services 3.7
Mozilla Network Security Services 3.7.2
Mozilla Network Security Services 3.3
Mozilla Network Security Services 3.7.3
Mozilla Network Security Services 3.4.2
Mozilla Network Security Services 3.3.2
Mozilla Network Security Services 3.5
Mozilla Network Security Services 3.11.3
383
VMScore
CVE-2010-3170
Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle malici...
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.9
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.1.1
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey 1.1.15
Mozilla Seamonkey 1.1.16
Mozilla Seamonkey 1.1.5
Mozilla Seamonkey 1.1.6
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.5.0.9
Mozilla Seamonkey 2.0
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.0.1
356
VMScore
CVE-2006-4340
Mozilla Network Security Service (NSS) library prior to 3.11.3, as used in Mozilla Firefox prior to 1.5.0.7, Thunderbird prior to 1.5.0.7, and SeaMonkey prior to 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote ...
Mozilla Seamonkey
Mozilla Network Security Services
Mozilla Firefox
Mozilla Thunderbird
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »