Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nss vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-0009
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) prior to 3.11.5, as used by Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, Thunderbird prior to 1.5.0.10, SeaMonkey prior to 1.0.8, and certain Sun Java System server products prior t...
Mozilla Firefox
Mozilla Network Security Services
Mozilla Seamonkey
Mozilla Thunderbird
Debian Debian Linux 4.0
Debian Debian Linux 3.1
Canonical Ubuntu Linux 5.10
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
4.3
CVSSv2
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Fi...
Mozilla Firefox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
NA
CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an malicious user to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
NA
CVE-2022-34480
Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.
Mozilla Firefox
4.3
CVSSv2
CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote malicious users to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Oracle Communications Application Session Controller
Oracle Http Server 11.1.1.7.0
Oracle Http Server 11.1.1.9.0
Oracle Http Server 12.1.3.0.0
Oracle Http Server 12.2.1.1.0
Oracle Http Server 12.2.1.2.0
Oracle Integrated Lights Out Manager Firmware
Fujitsu Sparc Enterprise M3000 Firmware
Fujitsu Sparc Enterprise M4000 Firmware
Fujitsu Sparc Enterprise M5000 Firmware
Fujitsu Sparc Enterprise M8000 Firmware
Fujitsu Sparc Enterprise M9000 Firmware
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
1 Github repository
4.6
CVSSv2
CVE-2017-11695
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent malicious users to have unspecified impact using a crafted cert8.db file.
Mozilla Network Security Services -
4.6
CVSSv2
CVE-2017-11696
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent malicious users to have unspecified impact using a crafted cert8.db file.
Mozilla Network Security Services -
6.8
CVSSv2
CVE-2009-2408
Mozilla Network Security Services (NSS) prior to 3.12.3, Firefox prior to 3.0.13, Thunderbird prior to 2.0.0.23, and SeaMonkey prior to 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, ...
Mozilla Network Security Services
Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Suse Linux Enterprise Server 9
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Opensuse Opensuse
Debian Debian Linux 5.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
1.2
CVSSv2
CVE-2020-12402
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the rec...
Mozilla Firefox
Opensuse Leap 15.1
Fedoraproject Fedora 32
Opensuse Leap 15.2
Debian Debian Linux 9.0
NA
CVE-2023-0767
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »