Search for packages
| purl | pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3 |
| Next non-vulnerable version | 2:3.87.1-1+deb12u2 |
| Latest non-vulnerable version | 2:3.87.1-1+deb12u2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2zrv-q4tb-wqeg
Aliases: CVE-2023-4421 |
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. |
Affected by 6 other vulnerabilities. |
|
VCID-46cy-x3cp-tke5
Aliases: CVE-2024-0743 |
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
Affected by 3 other vulnerabilities. |
|
VCID-6fvj-phnx-kfgs
Aliases: CVE-2019-17023 |
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-7msj-wyd6-zkbe
Aliases: CVE-2019-17006 |
nss: Check length of inputs for cryptographic primitives |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-8qtg-h4km-bfg2
Aliases: CVE-2019-11719 |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
Affected by 6 other vulnerabilities. |
|
VCID-cgvg-aj53-kkbp
Aliases: CVE-2023-0767 |
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
Affected by 6 other vulnerabilities. |
|
VCID-dh3c-g3k3-zkb7
Aliases: CVE-2017-7805 |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
Affected by 26 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-ekxy-vaed-u7cg
Aliases: CVE-2016-9074 |
Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
Affected by 26 other vulnerabilities. |
|
VCID-ewe9-39b1-kba2
Aliases: CVE-2020-25648 |
A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. |
Affected by 6 other vulnerabilities. |
|
VCID-fgv4-bz59-h7g7
Aliases: CVE-2018-18508 |
Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. |
Affected by 22 other vulnerabilities. |
|
VCID-gfj6-dsud-g3fh
Aliases: CVE-2017-5462 |
Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
Affected by 26 other vulnerabilities. |
|
VCID-hs5f-21nx-gfeb
Aliases: CVE-2019-11729 |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
Affected by 6 other vulnerabilities. |
|
VCID-jrsz-ynp7-wbb2
Aliases: CVE-2021-43527 |
Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-jvrr-2gej-bfby
Aliases: CVE-2018-12384 |
nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello |
Affected by 22 other vulnerabilities. |
|
VCID-k2s2-zkua-8ydy
Aliases: CVE-2020-12399 |
NSS has an information disclosure vulnerability when handling DSA keys. |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-k4a4-f1as-x3bj
Aliases: CVE-2020-12400 |
NSS has multiple information disclosure vulnerabilities when handling secret key material. |
Affected by 6 other vulnerabilities. |
|
VCID-kxvg-qw8v-vydv
Aliases: CVE-2017-5461 |
Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
Affected by 26 other vulnerabilities. |
|
VCID-mx8t-s47w-wud5
Aliases: CVE-2020-6829 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. |
Affected by 6 other vulnerabilities. |
|
VCID-paez-g9wh-mfeq
Aliases: CVE-2024-6609 |
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution. |
Affected by 3 other vulnerabilities. |
|
VCID-rk7t-zjzg-eqar
Aliases: CVE-2020-12401 |
NSS has multiple information disclosure vulnerabilities when handling secret key material. |
Affected by 6 other vulnerabilities. |
|
VCID-szzk-wxm2-cfgj
Aliases: CVE-2020-12403 |
NSS has multiple information disclosure vulnerabilities when handling secret key material. |
Affected by 6 other vulnerabilities. |
|
VCID-t89f-eksr-juen
Aliases: CVE-2017-7502 |
nss: Null pointer dereference when handling empty SSLv2 messages |
Affected by 26 other vulnerabilities. |
|
VCID-vjas-pry4-93cz
Aliases: CVE-2020-12402 |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-vszp-vyxy-f7g7
Aliases: CVE-2026-2781 |
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 3 other vulnerabilities. |
|
VCID-vzb9-aeqz-hybr
Aliases: CVE-2019-11745 |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-w794-gqex-83du
Aliases: CVE-2024-6602 |
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
Affected by 3 other vulnerabilities. |
|
VCID-wavp-f4kn-j3cm
Aliases: CVE-2019-11727 |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
Affected by 6 other vulnerabilities. |
|
VCID-x1ty-wqph-gkak
Aliases: CVE-2019-17007 |
nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-y43f-tmvr-hqas
Aliases: CVE-2022-22747 |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
Affected by 22 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-ykkw-a6a1-43fe
Aliases: CVE-2018-12404 |
nss: Cache side-channel variant of the Bleichenbacher attack |
Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2w58-mdmk-guh8 | Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. |
CVE-2016-2834
|
| VCID-2w9f-avet-g7c5 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-7181
|
| VCID-5wqt-2dtu-8qa4 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1950
|
| VCID-9mux-fuyc-a7dx | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1938
|
| VCID-dh3c-g3k3-zkb7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7805
|
| VCID-dk4z-1j37-aucx | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1979
|
| VCID-gfj6-dsud-g3fh | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
CVE-2017-5462
|
| VCID-hs79-pemh-vfd6 | nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA |
CVE-2016-9574
|
| VCID-jmhk-12t1-kugh | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-2730
|
| VCID-kxvg-qw8v-vydv | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
CVE-2017-5461
|
| VCID-mwyu-5rk2-xbbz | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-2721
|
| VCID-pc13-zwmr-p7hz | Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information. |
CVE-2016-8635
|
| VCID-qup9-qy11-fqhe | Multiple vulnerabilities have been found in mbed TLS, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2015-7575
|
| VCID-rzqy-gheq-cqgg | Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service. |
CVE-2015-4000
|
| VCID-t89f-eksr-juen | nss: Null pointer dereference when handling empty SSLv2 messages |
CVE-2017-7502
|
| VCID-ukuz-m6d3-5kab | Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information. |
CVE-2016-5285
|
| VCID-wut5-sqr6-mubd | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1978
|
| VCID-z26z-btvf-x7eq | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-7182
|