The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Mozilla NSS: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 11/08/2017.
Références of this threat: CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698, VIGILANCE-VUL-23517.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a buffer overflow via alloc_segs(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-11695]

An attacker can generate a buffer overflow via __hash_open(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-11696]

An attacker can trigger a fatal error via __hash_open(), in order to trigger a denial of service. [severity:2/4; CVE-2017-11697]

An attacker can generate a buffer overflow via __get_page(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-11698]
Full Vigil@nce bulletin... (Free trial)

This security weakness impacts software or systems such as NSS.

Our Vigil@nce team determined that the severity of this threat bulletin is important.

The trust level is of type unique source, with an origin of document.

This bulletin is about 4 vulnerabilities.

An attacker with a expert ability can exploit this threat.

Solutions for this threat

Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability watch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.