purl | pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1 |
Next non-vulnerable version | 2:4.12-1+debu8u1 |
Latest non-vulnerable version | 2:4.12-1+debu8u1 |
Risk | 4.5 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-bxjv-m89h-xfbp Aliases: CVE-2013-5607 | Mozilla has updated the version of Network Security Services (NSS) library used in Mozilla projects to NSS 3.15.3 with the exception of ESR17-based releases, which have been updated to NSS 3.14.5. This addresses several moderate to critical rated networking security issues. Google developer Andrew Tinits reported a potentially exploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS 3.14.5. | Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
VCID-cua7-h6xk-b7e6 Aliases: CVE-2014-1545 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime (NSPR) leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6. This NSPR flaw was not exposed to web content in any shipped version of Firefox. | Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
VCID-wh2u-5ttv-tbez Aliases: CVE-2015-7183 | Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. | Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
VCID-zqyw-71ug-e3gt Aliases: CVE-2016-1951 | | Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-99gq-h7we-wbc7 | Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. | CVE-2009-2463 |
VCID-uwpq-kb7b-b7he | Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz. | CVE-2009-0689 |