Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla nss vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2007-0009
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) prior to 3.11.5, as used by Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, Thunderbird prior to 1.5.0.10, SeaMonkey prior to 1.0.8, and certain Sun Java System server products prior t...
Mozilla Firefox
Mozilla Network Security Services
Mozilla Seamonkey
Mozilla Thunderbird
Debian Debian Linux 4.0
Debian Debian Linux 3.1
Canonical Ubuntu Linux 5.10
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
593
VMScore
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
571
VMScore
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly ...
Mozilla Nss
2 Github repositories
570
VMScore
CVE-2016-1938
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, improperly divides numbers, which might make it easier for remote malicious users to defeat cryptographic protection mechanisms by lev...
Opensuse Opensuse 13.1
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Mozilla Nss
Mozilla Firefox
570
VMScore
CVE-2007-0779
GUI overlay vulnerability in Mozilla Firefox 1.5.x prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8 allows remote malicious users to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a l...
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9 Rc
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.7
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.6
Mozilla Firefox 2.0
Mozilla Firefox 2.0.0.1
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0
Mozilla Firefox 0.8
Mozilla Firefox 0.9.1
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.5
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.8
Mozilla Firefox 1.5
Mozilla Seamonkey 1.0.1
Mozilla Seamonkey 1.0.2
570
VMScore
CVE-2006-5462
Mozilla Network Security Service (NSS) library prior to 3.11.3, as used in Mozilla Firefox prior to 1.5.0.8, Thunderbird prior to 1.5.0.8, and SeaMonkey prior to 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote ...
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.3
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.0.1
Mozilla Thunderbird 1.5
Mozilla Firefox 1.5
Mozilla Firefox 1.5.0.1
Mozilla Network Security Services 3.11.3
Mozilla Thunderbird 1.5.0.6
Mozilla Thunderbird 1.5.0.7
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.0.5
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0.3
Mozilla Thunderbird 1.5.0.1
Mozilla Thunderbird 1.5.0.2
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.5.0.7
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0.5
Mozilla Thunderbird 1.5.0.3
Mozilla Thunderbird 1.5.0.4
516
VMScore
CVE-2013-5606
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 prior to 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote malicious users ...
Mozilla Network Security Services 3.15.1
Mozilla Network Security Services 3.15.2
Mozilla Network Security Services 3.15
516
VMScore
CVE-2007-0996
The child frames in Mozilla Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8 inherit the default charset from the parent window, which allows remote malicious users to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 char...
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.6
Mozilla Firefox 2.0.0.1
Mozilla Firefox 2.0
Mozilla Seamonkey 1.0.5
Mozilla Seamonkey 1.0.6
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.0.4
Mozilla Firefox 1.5.0.7
Mozilla Firefox 1.5.0.8
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.0.7
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.9
Mozilla Seamonkey 1.0.1
Mozilla Seamonkey 1.0.2
481
VMScore
CVE-2007-0778
The page cache feature in Mozilla Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote malicious users to obtain sensitive information or enab...
Mozilla Firefox
Mozilla Seamonkey
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 5.10
Debian Debian Linux 3.1
454
VMScore
CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird <...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Debian Debian Linux 8.0
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 15.0
Opensuse Leap 15.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »