| purl | pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3 |
| Next non-vulnerable version | 2:3.87.1-1+deb12u2 |
| Latest non-vulnerable version | 2:3.87.1-1+deb12u2 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2tts-gwgd-zqcz (Aliases: CVE-2023-5388) | A vulnerability has been discovered in NSS, which can lead to the recovery of private data. | Affected by 0 other vulnerabilities. |
| VCID-3nrj-5r53-37ab (Aliases: CVE-2023-6135) | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. | Affected by 0 other vulnerabilities. |
| VCID-46cy-x3cp-tke5 (Aliases: CVE-2024-0743) | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | Affected by 3 other vulnerabilities. |
| VCID-paez-g9wh-mfeq (Aliases: CVE-2024-6609) | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | Affected by 3 other vulnerabilities. |
| VCID-vszp-vyxy-f7g7 (Aliases: CVE-2026-2781) | Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | Affected by 3 other vulnerabilities. |
| VCID-w794-gqex-83du (Aliases: CVE-2024-6602) | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2zrv-q4tb-wqeg | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. | CVE-2023-4421 |
| VCID-6fvj-phnx-kfgs | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. | CVE-2019-17023 |
| VCID-7msj-wyd6-zkbe | nss: Check length of inputs for cryptographic primitives | CVE-2019-17006 |
| VCID-8qtg-h4km-bfg2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2019-11719 |
| VCID-cgvg-aj53-kkbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2023-0767 |
| VCID-ewe9-39b1-kba2 | A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. | CVE-2020-25648 |
| VCID-hs5f-21nx-gfeb | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2019-11729 |
| VCID-jrsz-ynp7-wbb2 | Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. | CVE-2021-43527 |
| VCID-k2s2-zkua-8ydy | NSS has an information disclosure vulnerability when handling DSA keys. | CVE-2020-12399 |
| VCID-k4a4-f1as-x3bj | NSS has multiple information disclosure vulnerabilities when handling secret key material. | CVE-2020-12400 |
| VCID-mx8t-s47w-wud5 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. | CVE-2020-6829 |
| VCID-rk7t-zjzg-eqar | NSS has multiple information disclosure vulnerabilities when handling secret key material. | CVE-2020-12401 |
| VCID-szzk-wxm2-cfgj | NSS has multiple information disclosure vulnerabilities when handling secret key material. | CVE-2020-12403 |
| VCID-vjas-pry4-93cz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2020-12402 |
| VCID-vzb9-aeqz-hybr | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2019-11745 |
| VCID-wavp-f4kn-j3cm | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2019-11727 |
| VCID-x1ty-wqph-gkak | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | CVE-2019-17007 |
| VCID-y43f-tmvr-hqas | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2022-22747 |