Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla nss 3.6 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly ...
Mozilla Nss
2 Github repositories
NA
CVE-2009-2409
The Network Security Services (NSS) library prior to 3.12.3, as used in Firefox; GnuTLS prior to 2.6.4 and 2.7.4; OpenSSL 0.9.8 up to and including 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote malicious users to spoof certificates by us...
Mozilla Firefox
Mozilla Nss
Mozilla Nss 3.0
Mozilla Nss 3.2
Mozilla Nss 3.2.1
Mozilla Nss 3.3
Mozilla Nss 3.3.1
Mozilla Nss 3.3.2
Mozilla Nss 3.4
Mozilla Nss 3.4.1
Mozilla Nss 3.4.2
Mozilla Nss 3.4.3
Mozilla Nss 3.5
Mozilla Nss 3.6
Mozilla Nss 3.6.1
Mozilla Nss 3.7
Mozilla Nss 3.7.1
Mozilla Nss 3.7.2
Mozilla Nss 3.7.3
Mozilla Nss 3.7.5
Mozilla Nss 3.7.7
Mozilla Nss 3.8
NA
CVE-2012-0441
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) prior to 3.13.4, as used in Firefox 4.x up to and including 12.0, Firefox ESR 10.x prior to 10.0.5, Thunderbird 5.0 up to and including 12.0, Thunderbird ESR 10.x prior to 10.0.5, and SeaMonkey p...
Mozilla Firefox 4.0
Mozilla Firefox 5.0
Mozilla Firefox 5.0.1
Mozilla Firefox 8.0.1
Mozilla Firefox 9.0.1
Mozilla Firefox Esr 10.0
Mozilla Firefox Esr 10.0.1
Mozilla Thunderbird 6.0.2
Mozilla Thunderbird 7.0.1
Mozilla Thunderbird 10.0.1
Mozilla Thunderbird 10.0
Mozilla Thunderbird 10.0.4
Mozilla Thunderbird Esr 10.0.4
Mozilla Seamonkey
Mozilla Seamonkey 2.8
Mozilla Seamonkey 2.7
Mozilla Seamonkey 2.6.1
Mozilla Seamonkey 2.5
Mozilla Seamonkey 2.4
Mozilla Seamonkey 2.3
Mozilla Firefox 7.0
Mozilla Firefox 8.0
NA
CVE-2014-1492
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) prior to 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the...
Mozilla Network Security Services 3.15.3.1
Mozilla Network Security Services 3.12
Mozilla Network Security Services 3.12.1
Mozilla Network Security Services 3.12.4
Mozilla Network Security Services 3.12.5
Mozilla Network Security Services 3.14.3
Mozilla Network Security Services 3.14.4
Mozilla Network Security Services 3.2.1
Mozilla Network Security Services 3.3
Mozilla Network Security Services 3.6
Mozilla Network Security Services 3.6.1
Mozilla Network Security Services 3.7
Mozilla Network Security Services 3.11.4
Mozilla Network Security Services 3.11.5
Mozilla Network Security Services 3.12.3.1
Mozilla Network Security Services 3.9
Mozilla Network Security Services 3.12.3.2
Mozilla Network Security Services 3.14.1
Mozilla Network Security Services 3.14.2
Mozilla Network Security Services 3.15.3
Mozilla Network Security Services 3.2
Mozilla Network Security Services 3.4.2
NA
CVE-2010-3173
The SSL implementation in Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for r...
Mozilla Firefox 3.6
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.9
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.4
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0.5
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.1.16
Mozilla Seamonkey 1.1.17
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.1.8
Mozilla Seamonkey 2.0
Mozilla Seamonkey 2.0.1
Mozilla Seamonkey 1.0.6
Mozilla Seamonkey 1.0.7
NA
CVE-2010-3170
Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle malici...
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.9
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.1.1
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey 1.1.15
Mozilla Seamonkey 1.1.16
Mozilla Seamonkey 1.1.5
Mozilla Seamonkey 1.1.6
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.5.0.9
Mozilla Seamonkey 2.0
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.0.1
NA
CVE-2014-1544
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox prior to 31.0, Firefox ESR 24.x prior to 24.7, and Thunderbird prior to 24.7, allows remote malicious users to execute arbitrary c...
Mozilla Firefox Esr 24.6
Mozilla Thunderbird
Mozilla Thunderbird 24.3
Mozilla Thunderbird 24.4
Mozilla Firefox Esr 24.3
Mozilla Firefox Esr 24.4
Mozilla Network Security Services 3.12.1
Mozilla Network Security Services 3.12.10
Mozilla Network Security Services 3.12.5
Mozilla Network Security Services 3.12.6
Mozilla Network Security Services 3.14.3
Mozilla Network Security Services 3.14.4
Mozilla Network Security Services 3.15.5
Mozilla Network Security Services 3.16
Mozilla Network Security Services 3.4.1
Mozilla Network Security Services 3.4.2
Mozilla Network Security Services 3.7.3
Mozilla Network Security Services 3.7.5
Mozilla Thunderbird 24.0.1
Mozilla Thunderbird 24.1
Mozilla Firefox Esr 24.0.2
Mozilla Firefox Esr 24.1.0
7.5
CVSSv3
CVE-2019-11719
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox &l...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2011-5094
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote malicious users to cause a denial of servic...
Mozilla Network Security Services 3.11.2
Mozilla Network Security Services 3.6.1
Mozilla Network Security Services 3.2
Mozilla Network Security Services 3.11.4
Mozilla Network Security Services 3.7.7
Mozilla Network Security Services 3.7.5
Mozilla Network Security Services 3.7.1
Mozilla Network Security Services 3.6
Mozilla Network Security Services 3.2.1
Mozilla Network Security Services 3.9
Mozilla Network Security Services 3.4
Mozilla Network Security Services 3.8
Mozilla Network Security Services 3.4.1
Mozilla Network Security Services 3.11.5
Mozilla Network Security Services 3.7
Mozilla Network Security Services 3.7.2
Mozilla Network Security Services 3.3
Mozilla Network Security Services 3.7.3
Mozilla Network Security Services 3.4.2
Mozilla Network Security Services 3.3.2
Mozilla Network Security Services 3.5
Mozilla Network Security Services 3.11.3
5.3
CVSSv3
CVE-2019-11727
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag...
Mozilla Firefox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »