Debian Bug report logs -
#735105
CVE-2013-1741 and CVE-2013-5606 in wheezy
Package:
libnss3;
Maintainer for libnss3 is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Source for libnss3 is src:nss (PTS, buildd, popcon)
Reported by: Arne Wichmann <aw@linuxde>
Date: Sun, 12 Jan 2014 18:5 ...
Synopsis
Important: nss, nspr, and nss-util security update
Type/Severity
Security Advisory: Important
Topic
Updated nss, nspr, and nss-util packages that fix multiple security issuesare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant ...
Synopsis
Important: nss and nspr security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
Updated nss and nspr packages that fix multiple security issues, severalbugs, and add various enhancements are now available for Red Hat EnterpriseLinux 5The Red Hat Security Response ...
Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library:
CVE-2013-1741
Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls
CVE-2013-5606
Certificate validation with the verifylog mode did not return
validation errors, but instead ...
Several security issues were fixed in NSS ...
Several security issues were fixed in Thunderbird ...
Several security issues were fixed in Firefox ...
A flaw was found in the way NSS handled invalid handshake packets A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2013-5605)
It was found that the fix for CVE-2013-1620 introduced a regression causing NSS to read un ...
A flaw was found in the way NSS handled invalid handshake packets A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2013-5605)
It was found that the fix for CVE-2013-1620 introduced a regression causing NSS to read un ...
Mozilla Foundation Security Advisory 2013-103
Miscellaneous Network Security Services (NSS) vulnerabilities
Announced
November 15, 2013
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
...