Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla network security services - vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
4.7
CVSSv3
CVE-2020-12401
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
9.1
CVSSv3
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly ...
Mozilla Nss
2 Github repositories
8.8
CVSSv3
CVE-2019-11756
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
Mozilla Firefox
7.3
CVSSv3
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, allows remote malicious users to cause a denial of service or possibly have unspecified other impact b...
Mozilla Firefox
Mozilla Network Security Services
6.5
CVSSv3
CVE-2016-1938
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, improperly divides numbers, which might make it easier for remote malicious users to defeat cryptographic protection mechanisms by lev...
Opensuse Opensuse 13.1
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Mozilla Nss
Mozilla Firefox
NA
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
NA
CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) prior to 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (applicatio...
Mozilla Network Security Services 3.12.3
NA
CVE-2009-2409
The Network Security Services (NSS) library prior to 3.12.3, as used in Firefox; GnuTLS prior to 2.6.4 and 2.7.4; OpenSSL 0.9.8 up to and including 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote malicious users to spoof certificates by us...
Mozilla Firefox
Mozilla Nss
Mozilla Nss 3.0
Mozilla Nss 3.2
Mozilla Nss 3.2.1
Mozilla Nss 3.3
Mozilla Nss 3.3.1
Mozilla Nss 3.3.2
Mozilla Nss 3.4
Mozilla Nss 3.4.1
Mozilla Nss 3.4.2
Mozilla Nss 3.4.3
Mozilla Nss 3.5
Mozilla Nss 3.6
Mozilla Nss 3.6.1
Mozilla Nss 3.7
Mozilla Nss 3.7.1
Mozilla Nss 3.7.2
Mozilla Nss 3.7.3
Mozilla Nss 3.7.5
Mozilla Nss 3.7.7
Mozilla Nss 3.8
NA
CVE-2013-1620
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and...
Mozilla Network Security Services
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Oracle Glassfish Server 2.1.1
Oracle Iplanet Web Proxy Server 4.0
Oracle Traffic Director 11.1.1.7.0
Oracle Iplanet Web Server 7.0
Oracle Vm Server 3.2
Oracle Glassfish Communications Server 2.0
Oracle Enterprise Manager Ops Center 12.1
Oracle Enterprise Manager Ops Center 12.2
Oracle Iplanet Web Server 6.1
Oracle Enterprise Manager Ops Center 11.1
Oracle Opensso 3.0-03
Oracle Traffic Director 11.1.1.6.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »