| purl | pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1 |
| Next non-vulnerable version | 2:3.87.1-1+deb12u2 |
| Latest non-vulnerable version | 2:3.87.1-1+deb12u2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2zrv-q4tb-wqeg (Aliases: CVE-2023-4421) | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side-channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. | Affected by 6 other vulnerabilities. |
| VCID-46cy-x3cp-tke5 (Aliases: CVE-2024-0743) | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | Affected by 3 other vulnerabilities. |
| VCID-6fvj-phnx-kfgs (Aliases: CVE-2019-17023) | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-7msj-wyd6-zkbe (Aliases: CVE-2019-17006) | nss: Check length of inputs for cryptographic primitives | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-8qtg-h4km-bfg2 (Aliases: CVE-2019-11719) | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | Affected by 6 other vulnerabilities. |
| VCID-cgvg-aj53-kkbp (Aliases: CVE-2023-0767) | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | Affected by 6 other vulnerabilities. |
| VCID-dh3c-g3k3-zkb7 (Aliases: CVE-2017-7805) | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. | Affected by 22 other vulnerabilities. |
| VCID-ewe9-39b1-kba2 (Aliases: CVE-2020-25648) | A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. | Affected by 6 other vulnerabilities. |
| VCID-fgv4-bz59-h7g7 (Aliases: CVE-2018-18508) | Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. | Affected by 22 other vulnerabilities. |
| VCID-hs5f-21nx-gfeb (Aliases: CVE-2019-11729) | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | Affected by 6 other vulnerabilities. |
| VCID-jrsz-ynp7-wbb2 (Aliases: CVE-2021-43527) | Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-jvrr-2gej-bfby (Aliases: CVE-2018-12384) | nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello | Affected by 22 other vulnerabilities. |
| VCID-k2s2-zkua-8ydy (Aliases: CVE-2020-12399) | NSS has an information disclosure vulnerability when handling DSA keys. | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-k4a4-f1as-x3bj (Aliases: CVE-2020-12400) | NSS has multiple information disclosure vulnerabilities when handling secret key material. | Affected by 6 other vulnerabilities. |
| VCID-mx8t-s47w-wud5 (Aliases: CVE-2020-6829) | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. | Affected by 6 other vulnerabilities. |
| VCID-paez-g9wh-mfeq (Aliases: CVE-2024-6609) | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | Affected by 3 other vulnerabilities. |
| VCID-rk7t-zjzg-eqar (Aliases: CVE-2020-12401) | NSS has multiple information disclosure vulnerabilities when handling secret key material. | Affected by 6 other vulnerabilities. |
| VCID-szzk-wxm2-cfgj (Aliases: CVE-2020-12403) | NSS has multiple information disclosure vulnerabilities when handling secret key material. | Affected by 6 other vulnerabilities. |
| VCID-vjas-pry4-93cz (Aliases: CVE-2020-12402) | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-vszp-vyxy-f7g7 (Aliases: CVE-2026-2781) | Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | Affected by 3 other vulnerabilities. |
| VCID-vzb9-aeqz-hybr (Aliases: CVE-2019-11745) | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-w794-gqex-83du (Aliases: CVE-2024-6602) | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | Affected by 3 other vulnerabilities. |
| VCID-wavp-f4kn-j3cm (Aliases: CVE-2019-11727) | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | Affected by 6 other vulnerabilities. |
| VCID-x1ty-wqph-gkak (Aliases: CVE-2019-17007) | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-y43f-tmvr-hqas (Aliases: CVE-2022-22747) | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
| VCID-ykkw-a6a1-43fe (Aliases: CVE-2018-12404) | nss: Cache side-channel variant of the Bleichenbacher attack | Affected by 22 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-dh3c-g3k3-zkb7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2017-7805 |
| VCID-ekxy-vaed-u7cg | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-9074 |
| VCID-gfj6-dsud-g3fh | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. | CVE-2017-5462 |
| VCID-kxvg-qw8v-vydv | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. | CVE-2017-5461 |
| VCID-t89f-eksr-juen | nss: Null pointer dereference when handling empty SSLv2 messages | CVE-2017-7502 |