Security researcher Matthew Green reported a Diffie–Hellman
(DHE) key processing issue in Network Security Services (NSS) where a
man-in-the-middle (MITM) attacker can force a server to downgrade TLS
connections to 512-bit export-grade cryptography by modifying client
requests to include only export-grade cipher suites. The resulting
weak key can then be leveraged to impersonate the server. This attack
is detailed in the "Imperfect Forward
Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the
"Logjam Attack."This issue was fixed in NSS version 3.19.1 by limiting the lower strength of
supported DHE keys to use 1023 bit primes.
Security researcher Karthikeyan Bhargavan reported an issue
in Network Security Services (NSS) where MD5 signatures in the server signature within the
TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has
officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This
issues exposes NSS based clients such as Firefox to theoretical collision-based forgery
attacks. This issue was fixed in NSS version 3.20.2.
Google security researcher Michal Zalewski reported issues
with JPEG format image processing with Start Of Scan (SOS) and Define Huffman
Table (DHT) markers in the libjpeg library. This could allow for the possible
reading of arbitrary memory content as well as cross-domain image theft.