Search for packages
| purl | pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3 |
| Next non-vulnerable version | 2:4.12-1+debu8u1 |
| Latest non-vulnerable version | 2:4.12-1+debu8u1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bxjv-m89h-xfbp
Aliases: CVE-2013-5607 |
Mozilla has updated the version of Network Security Services (NSS) library used in Mozilla projects to NSS 3.15.3 with the exception of ESR17-based releases, which have been updated to NSS 3.14.5. This addresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially exploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS 3.14.5. |
Affected by 2 other vulnerabilities. |
|
VCID-cua7-h6xk-b7e6
Aliases: CVE-2014-1545 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime (NSPR) leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6. This NSPR flaw was not exposed to web content in any shipped version of Firefox. |
Affected by 2 other vulnerabilities. |
|
VCID-wh2u-5ttv-tbez
Aliases: CVE-2015-7183 |
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
Affected by 0 other vulnerabilities. |
|
VCID-zqyw-71ug-e3gt
Aliases: CVE-2016-1951 |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bxjv-m89h-xfbp | Mozilla has updated the version of Network Security Services (NSS) library used in Mozilla projects to NSS 3.15.3 with the exception of ESR17-based releases, which have been updated to NSS 3.14.5. This addresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially exploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS 3.14.5. |
CVE-2013-5607
|
| VCID-cua7-h6xk-b7e6 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime (NSPR) leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6. This NSPR flaw was not exposed to web content in any shipped version of Firefox. |
CVE-2014-1545
|
| VCID-wh2u-5ttv-tbez | Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
CVE-2015-7183
|