The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Mozilla NSS

computer vulnerability announcement CVE-2018-18508

Mozilla NSS: NULL pointer dereference via CMS

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via CMS of Mozilla NSS, in order to trigger a denial of service.
Impacted products: Debian, NSS, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/02/2019.
Identifiers: CVE-2018-18508, DLA-1704-1, USN-3898-1, USN-3898-2, VIGILANCE-VUL-28417.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via CMS of Mozilla NSS, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2018-12404

Mozilla NSS: information disclosure via Cache Side-channel

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cache Side-channel of Mozilla NSS, in order to obtain sensitive information.
Impacted products: Debian, NSS, openSUSE Leap, Oracle Communications, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 03/12/2018.
Identifiers: 1485864, cpuapr2019, CVE-2018-12404, DLA-1704-1, openSUSE-SU-2018:4117-1, openSUSE-SU-2018:4283-1, openSUSE-SU-2019:0183-1, SSA:2018-337-01, SUSE-SU-2018:4235-1, SUSE-SU-2018:4236-1, USN-3850-1, USN-3850-2, VIGILANCE-VUL-27938.

Description of the vulnerability

An attacker can bypass access restrictions to data via Cache Side-channel of Mozilla NSS, in order to obtain sensitive information.

computer vulnerability alert CVE-2018-12384

Mozilla NSS: information disclosure via SSLv2 ServerHello Zero Random

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSLv2 ServerHello Zero Random of Mozilla NSS, in order to obtain sensitive information.
Impacted products: Fedora, Junos Space, NSS, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 03/09/2018.
Identifiers: cpuapr2019, CVE-2018-12384, FEDORA-2018-1a7a5c54c2, FEDORA-2018-4a21a8ca59, JSA10917, openSUSE-SU-2018:4117-1, openSUSE-SU-2018:4283-1, RHSA-2018:2768-01, RHSA-2018:2898-01, SUSE-SU-2018:4235-1, SUSE-SU-2018:4236-1, USN-3850-1, USN-3850-2, VIGILANCE-VUL-27136.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSLv2 ServerHello Zero Random of Mozilla NSS, in order to obtain sensitive information.

computer vulnerability CVE-2018-0495

Libgcrypt: information disclosure via ECDSA Signatures Side-channel Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signatures Side-channel Attack of Libgcrypt, in order to obtain sensitive information.
Impacted products: Debian, Fedora, NSS, OpenBSD, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/06/2018.
Identifiers: bulletinjan2019, bulletinjul2018, cpuapr2019, CVE-2018-0495, DLA-1405-1, DSA-4231-1, FEDORA-2018-98ab6b4e56, openSUSE-SU-2018:2122-1, openSUSE-SU-2018:2178-1, openSUSE-SU-2018:4283-1, RHSA-2018:3221-01, SUSE-SU-2018:1993-1, SUSE-SU-2018:2089-1, SUSE-SU-2018:2452-2, SUSE-SU-2018:4235-1, SUSE-SU-2018:4236-1, USN-3689-1, USN-3689-2, USN-3692-1, USN-3692-2, USN-3850-1, USN-3850-2, VIGILANCE-VUL-26425.

Description of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signatures Side-channel Attack of Libgcrypt, in order to obtain sensitive information.

computer vulnerability alert CVE-2017-7805

Mozilla NSS: use after free via Verifying Client Authentication

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Verifying Client Authentication of Mozilla NSS, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Firefox, NSS, SeaMonkey, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/09/2017.
Identifiers: bulletinoct2017, cpuapr2018, cpuoct2018, CVE-2017-7805, DLA-1118-1, DLA-1138-1, DSA-3987-1, DSA-3998-1, FEDORA-2017-2e7badfe67, FEDORA-2017-6e2071419d, MFSA-2017-21, MFSA-2017-22, openSUSE-SU-2017:2615-1, openSUSE-SU-2017:2707-1, openSUSE-SU-2017:2710-1, RHSA-2017:2831-01, RHSA-2017:2832-01, SSA:2017-271-01, SUSE-SU-2017:2688-1, SUSE-SU-2017:2872-1, SUSE-SU-2017:2872-2, USN-3431-1, USN-3435-1, USN-3435-2, USN-3436-1, VIGILANCE-VUL-23976.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Verifying Client Authentication of Mozilla NSS, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announcement CVE-2017-11695 CVE-2017-11696 CVE-2017-11697

Mozilla NSS: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: NSS.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 11/08/2017.
Identifiers: CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698, VIGILANCE-VUL-23517.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a buffer overflow via alloc_segs(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-11695]

An attacker can generate a buffer overflow via __hash_open(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-11696]

An attacker can trigger a fatal error via __hash_open(), in order to trigger a denial of service. [severity:2/4; CVE-2017-11697]

An attacker can generate a buffer overflow via __get_page(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-11698]

vulnerability note CVE-2016-9574

Mozilla NSS: denial of service via SessionTicket Extension

Synthesis of the vulnerability

An attacker can generate a fatal error via SessionTicket Extension of Mozilla NSS, in order to trigger a denial of service.
Impacted products: NSS, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 21/04/2017.
Identifiers: 1015499, CVE-2016-9574, MFSA-2017-10, openSUSE-SU-2017:1088-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, VIGILANCE-VUL-22534.

Description of the vulnerability

An attacker can generate a fatal error via SessionTicket Extension of Mozilla NSS, in order to trigger a denial of service.

computer vulnerability CVE-2017-5461 CVE-2017-5462

Mozilla NSS: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: Blue Coat CAS, Debian, Fedora, Firefox, NSS, Thunderbird, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/04/2017.
Identifiers: bulletinapr2017, bulletinjan2019, CERTFR-2017-AVI-126, CERTFR-2017-AVI-134, cpujan2018, cpuoct2017, CVE-2017-5461, CVE-2017-5462, DLA-906-1, DLA-946-1, DSA-3831-1, DSA-3872-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, FEDORA-2017-9042085060, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, RHSA-2017:1100-01, RHSA-2017:1101-01, RHSA-2017:1102-01, RHSA-2017:1103-01, SA150, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3270-1, USN-3278-1, USN-3372-1, VIGILANCE-VUL-22505.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.

An attacker can generate a buffer overflow via Base64 Decoding, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5461]

An attacker can bypass security features via DRBG Number Generation, in order to obtain sensitive information. [severity:2/4; CVE-2017-5462]

vulnerability announcement 21582

Mozilla NSS: update of the certification authority list

Synthesis of the vulnerability

The security of Mozilla NSS was improved with an updated list of CA certificates.
Impacted products: Fedora, NSS.
Severity: 1/4.
Consequences: no consequence.
Provenance: internet client.
Creation date: 16/01/2017.
Identifiers: FEDORA-2017-0b50f61ab2, FEDORA-2017-9784ee67f2, VIGILANCE-VUL-21582.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of Mozilla NSS was improved with an updated list of CA certificates.

computer vulnerability bulletin CVE-2016-8635

Mozilla NSS: information disclosure via Small Subgroup Confinement Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Small Subgroup Confinement Attack of Mozilla NSS, in order to obtain sensitive information.
Impacted products: Blue Coat CAS, Security Directory Server, NSS, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 16/11/2016.
Identifiers: 1391818, 2000347, CVE-2016-8635, RHSA-2016:2779-01, SA137, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SYMSA1391, USN-3163-1, VIGILANCE-VUL-21128.

Description of the vulnerability

An attacker can bypass access restrictions to data via Small Subgroup Confinement Attack of Mozilla NSS, in order to obtain sensitive information.