ID CVE-2018-12404
Summary A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
References
Vulnerable Configurations
  • Mozilla Network Security Services
    cpe:2.3:a:mozilla:network_security_services
  • Mozilla Network Security Services 3.1
    cpe:2.3:a:mozilla:network_security_services:3.1
  • Mozilla Network Security Services 3.1.1
    cpe:2.3:a:mozilla:network_security_services:3.1.1
  • Mozilla Network Security Services 3.2
    cpe:2.3:a:mozilla:network_security_services:3.2
  • Mozilla Network Security Services 3.2.1
    cpe:2.3:a:mozilla:network_security_services:3.2.1
  • Mozilla Network Security Services 3.3
    cpe:2.3:a:mozilla:network_security_services:3.3
  • Mozilla Network Security Services 3.3.1
    cpe:2.3:a:mozilla:network_security_services:3.3.1
  • Mozilla Network Security Services 3.3.2
    cpe:2.3:a:mozilla:network_security_services:3.3.2
  • Mozilla Network Security Services 3.4
    cpe:2.3:a:mozilla:network_security_services:3.4
  • Mozilla Network Security Services 3.4.1
    cpe:2.3:a:mozilla:network_security_services:3.4.1
  • Mozilla Network Security Services 3.4.2
    cpe:2.3:a:mozilla:network_security_services:3.4.2
  • Mozilla Network Security Services 3.4.3
    cpe:2.3:a:mozilla:network_security_services:3.4.3
  • Mozilla Network Security Services 3.5
    cpe:2.3:a:mozilla:network_security_services:3.5
  • Mozilla Network Security Services 3.6
    cpe:2.3:a:mozilla:network_security_services:3.6
  • Mozilla Network Security Services 3.6.1
    cpe:2.3:a:mozilla:network_security_services:3.6.1
  • Mozilla Network Security Services 3.7
    cpe:2.3:a:mozilla:network_security_services:3.7
  • Mozilla Network Security Services 3.7.1
    cpe:2.3:a:mozilla:network_security_services:3.7.1
  • Mozilla Network Security Services 3.7.2
    cpe:2.3:a:mozilla:network_security_services:3.7.2
  • Mozilla Network Security Services 3.7.3
    cpe:2.3:a:mozilla:network_security_services:3.7.3
  • Mozilla Network Security Services 3.7.5
    cpe:2.3:a:mozilla:network_security_services:3.7.5
  • Mozilla Network Security Services 3.7.7
    cpe:2.3:a:mozilla:network_security_services:3.7.7
  • Mozilla Network Security Services 3.8
    cpe:2.3:a:mozilla:network_security_services:3.8
  • Mozilla Network Security Services 3.9
    cpe:2.3:a:mozilla:network_security_services:3.9
  • Mozilla Network Security Services 3.9.1
    cpe:2.3:a:mozilla:network_security_services:3.9.1
  • Mozilla Network Security Services 3.9.2
    cpe:2.3:a:mozilla:network_security_services:3.9.2
  • Mozilla Network Security Services 3.9.3
    cpe:2.3:a:mozilla:network_security_services:3.9.3
  • Mozilla Network Security Services 3.9.4
    cpe:2.3:a:mozilla:network_security_services:3.9.4
  • Mozilla Network Security Services 3.9.5
    cpe:2.3:a:mozilla:network_security_services:3.9.5
  • Mozilla Network Security Services 3.10
    cpe:2.3:a:mozilla:network_security_services:3.10
  • Mozilla Network Security Services 3.10.1
    cpe:2.3:a:mozilla:network_security_services:3.10.1
  • Mozilla Network Security Services 3.10.2
    cpe:2.3:a:mozilla:network_security_services:3.10.2
  • Mozilla Network Security Services 3.11
    cpe:2.3:a:mozilla:network_security_services:3.11
  • Mozilla Network Security Services 3.11.1
    cpe:2.3:a:mozilla:network_security_services:3.11.1
  • Mozilla Network Security Services 3.11.2
    cpe:2.3:a:mozilla:network_security_services:3.11.2
  • Mozilla Network Security Services 3.11.3
    cpe:2.3:a:mozilla:network_security_services:3.11.3
  • Mozilla Network Security Services 3.11.4
    cpe:2.3:a:mozilla:network_security_services:3.11.4
  • Mozilla Network Security Services 3.11.5
    cpe:2.3:a:mozilla:network_security_services:3.11.5
  • Mozilla Network Security Services 3.11.6
    cpe:2.3:a:mozilla:network_security_services:3.11.6
  • Mozilla Network Security Services 3.11.7
    cpe:2.3:a:mozilla:network_security_services:3.11.7
  • Mozilla Network Security Services 3.11.8
    cpe:2.3:a:mozilla:network_security_services:3.11.8
  • Mozilla Network Security Services 3.11.9
    cpe:2.3:a:mozilla:network_security_services:3.11.9
  • Mozilla Network Security Services 3.11.10
    cpe:2.3:a:mozilla:network_security_services:3.11.10
  • Mozilla Network Security Services 3.12
    cpe:2.3:a:mozilla:network_security_services:3.12
  • Mozilla Network Security Services 3.12.1
    cpe:2.3:a:mozilla:network_security_services:3.12.1
  • Mozilla Network Security Services 3.12.2
    cpe:2.3:a:mozilla:network_security_services:3.12.2
  • Mozilla Network Security Services 3.12.3
    cpe:2.3:a:mozilla:network_security_services:3.12.3
  • Mozilla Network Security Services 3.12.3.1
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  • Mozilla Network Security Services 3.12.3.2
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  • Mozilla Network Security Services 3.12.4
    cpe:2.3:a:mozilla:network_security_services:3.12.4
  • Mozilla Network Security Services 3.12.5
    cpe:2.3:a:mozilla:network_security_services:3.12.5
  • Mozilla Network Security Services 3.12.6
    cpe:2.3:a:mozilla:network_security_services:3.12.6
  • Mozilla Network Security Services 3.12.7
    cpe:2.3:a:mozilla:network_security_services:3.12.7
  • Mozilla Network Security Services 3.12.8
    cpe:2.3:a:mozilla:network_security_services:3.12.8
  • Mozilla Network Security Services 3.12.9
    cpe:2.3:a:mozilla:network_security_services:3.12.9
  • Mozilla Network Security Services 3.12.10
    cpe:2.3:a:mozilla:network_security_services:3.12.10
  • Mozilla Network Security Services 3.12.11
    cpe:2.3:a:mozilla:network_security_services:3.12.11
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.14.5
    cpe:2.3:a:mozilla:network_security_services:3.14.5
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
  • Mozilla Network Security Services 3.15.3
    cpe:2.3:a:mozilla:network_security_services:3.15.3
  • Mozilla Network Security Services 3.15.3.1
    cpe:2.3:a:mozilla:network_security_services:3.15.3.1
  • Mozilla Network Security Services 3.15.4
    cpe:2.3:a:mozilla:network_security_services:3.15.4
  • Mozilla Network Security Services 3.15.5
    cpe:2.3:a:mozilla:network_security_services:3.15.5
  • Mozilla Network Security Services 3.16
    cpe:2.3:a:mozilla:network_security_services:3.16
  • Mozilla Network Security Services 3.16.1
    cpe:2.3:a:mozilla:network_security_services:3.16.1
  • Mozilla Network Security Services 3.16.2
    cpe:2.3:a:mozilla:network_security_services:3.16.2
  • Mozilla Network Security Services 3.16.2.1
    cpe:2.3:a:mozilla:network_security_services:3.16.2.1
  • Mozilla Network Security Services 3.16.2.2
    cpe:2.3:a:mozilla:network_security_services:3.16.2.2
  • Mozilla Network Security Services 3.16.2.3
    cpe:2.3:a:mozilla:network_security_services:3.16.2.3
  • Mozilla Network Security Services 3.16.3
    cpe:2.3:a:mozilla:network_security_services:3.16.3
  • Mozilla Network Security Services 3.16.4
    cpe:2.3:a:mozilla:network_security_services:3.16.4
  • Mozilla Network Security Services 3.16.5
    cpe:2.3:a:mozilla:network_security_services:3.16.5
  • Mozilla Network Security Services 3.16.6
    cpe:2.3:a:mozilla:network_security_services:3.16.6
  • Mozilla Network Security Services 3.17
    cpe:2.3:a:mozilla:network_security_services:3.17
  • Mozilla Network Security Services 3.17.1
    cpe:2.3:a:mozilla:network_security_services:3.17.1
  • Mozilla Network Security Services 3.17.2
    cpe:2.3:a:mozilla:network_security_services:3.17.2
  • Mozilla Network Security Services 3.17.3
    cpe:2.3:a:mozilla:network_security_services:3.17.3
  • Mozilla Network Security Services 3.17.4
    cpe:2.3:a:mozilla:network_security_services:3.17.4
  • Mozilla Network Security Services 3.18
    cpe:2.3:a:mozilla:network_security_services:3.18
  • Mozilla Network Security Services 3.18.1
    cpe:2.3:a:mozilla:network_security_services:3.18.1
  • Mozilla Network Security Services (NSS) 3.19
    cpe:2.3:a:mozilla:network_security_services:3.19
  • Mozilla Network Security Services 3.19.1
    cpe:2.3:a:mozilla:network_security_services:3.19.1
  • Mozilla Network Security Services 3.19.2
    cpe:2.3:a:mozilla:network_security_services:3.19.2
  • Mozilla Network Security Services 3.19.2.0
    cpe:2.3:a:mozilla:network_security_services:3.19.2.0
  • Mozilla Network Security Services 3.19.3
    cpe:2.3:a:mozilla:network_security_services:3.19.3
  • Mozilla Network Security Services 3.20
    cpe:2.3:a:mozilla:network_security_services:3.20
  • Mozilla Network Security Services 3.20.0
    cpe:2.3:a:mozilla:network_security_services:3.20.0
  • Mozilla Network Security Services 3.20.1
    cpe:2.3:a:mozilla:network_security_services:3.20.1
  • Mozilla Network Security Services 3.21
    cpe:2.3:a:mozilla:network_security_services:3.21
  • Mozilla Network Security Services 3.21.1
    cpe:2.3:a:mozilla:network_security_services:3.21.1
  • Mozilla Network Security Services 3.21.2
    cpe:2.3:a:mozilla:network_security_services:3.21.2
  • Mozilla Network Security Services (NSS) 3.21.3
    cpe:2.3:a:mozilla:network_security_services:3.21.3
  • Mozilla Network Security Services 3.21.4
    cpe:2.3:a:mozilla:network_security_services:3.21.4
  • Mozilla Network Security Services (NSS) 3.22
    cpe:2.3:a:mozilla:network_security_services:3.22
  • Mozilla Network Security Services 3.22.1
    cpe:2.3:a:mozilla:network_security_services:3.22.1
  • Mozilla Network Security Services 3.22.2
    cpe:2.3:a:mozilla:network_security_services:3.22.2
  • Mozilla Network Security Services 3.23
    cpe:2.3:a:mozilla:network_security_services:3.23
  • Mozilla Network Security Services 3.24
    cpe:2.3:a:mozilla:network_security_services:3.24
  • Mozilla Network Security Services 3.25
    cpe:2.3:a:mozilla:network_security_services:3.25
  • Mozilla Network Security Services 3.25.0
    cpe:2.3:a:mozilla:network_security_services:3.25.0
  • Mozilla Network Security Services 3.25.1
    cpe:2.3:a:mozilla:network_security_services:3.25.1
  • Mozilla Network Security Services 3.26
    cpe:2.3:a:mozilla:network_security_services:3.26
  • Mozilla Network Security Services 3.26.0
    cpe:2.3:a:mozilla:network_security_services:3.26.0
  • Mozilla Network Security Services 3.26.2
    cpe:2.3:a:mozilla:network_security_services:3.26.2
  • Mozilla Network Security Services 3.27
    cpe:2.3:a:mozilla:network_security_services:3.27
  • Mozilla Network Security Services 3.27.0
    cpe:2.3:a:mozilla:network_security_services:3.27.0
  • Mozilla Network Security Services 3.27.1
    cpe:2.3:a:mozilla:network_security_services:3.27.1
  • Mozilla Network Security Services 3.27.2
    cpe:2.3:a:mozilla:network_security_services:3.27.2
  • Mozilla Network Security Services 3.28
    cpe:2.3:a:mozilla:network_security_services:3.28
  • Mozilla Network Security Services 3.28.0
    cpe:2.3:a:mozilla:network_security_services:3.28.0
  • Mozilla Network Security Services 3.28.1
    cpe:2.3:a:mozilla:network_security_services:3.28.1
  • Mozilla Network Security Services 3.28.2
    cpe:2.3:a:mozilla:network_security_services:3.28.2
  • Mozilla Network Security Services (NSS) 3.28.3
    cpe:2.3:a:mozilla:network_security_services:3.28.3
  • Mozilla Network Security Services 3.28.4
    cpe:2.3:a:mozilla:network_security_services:3.28.4
  • Mozilla Network Security Services 3.28.5
    cpe:2.3:a:mozilla:network_security_services:3.28.5
  • Mozilla Network Security Services 3.29
    cpe:2.3:a:mozilla:network_security_services:3.29
  • Mozilla Network Security Services 3.29.1
    cpe:2.3:a:mozilla:network_security_services:3.29.1
  • Mozilla Network Security Services 3.29.2
    cpe:2.3:a:mozilla:network_security_services:3.29.2
  • Mozilla Network Security Services (NSS) 3.29.3
    cpe:2.3:a:mozilla:network_security_services:3.29.3
  • Mozilla Network Security Services 3.29.5
    cpe:2.3:a:mozilla:network_security_services:3.29.5
  • Mozilla Network Security Services (NSS) 3.30
    cpe:2.3:a:mozilla:network_security_services:3.30
  • Mozilla Network Security Services 3.30.1
    cpe:2.3:a:mozilla:network_security_services:3.30.1
  • Mozilla Network Security Services 3.30.2
    cpe:2.3:a:mozilla:network_security_services:3.30.2
  • Mozilla Network Security Services 3.31
    cpe:2.3:a:mozilla:network_security_services:3.31
  • Mozilla Network Security Services 3.31.1
    cpe:2.3:a:mozilla:network_security_services:3.31.1
  • Mozilla Network Security Services 3.32
    cpe:2.3:a:mozilla:network_security_services:3.32
  • Mozilla Network Security Services 3.33
    cpe:2.3:a:mozilla:network_security_services:3.33
  • Mozilla Network Security Services 3.34
    cpe:2.3:a:mozilla:network_security_services:3.34
  • Mozilla Network Security Services 3.34.1
    cpe:2.3:a:mozilla:network_security_services:3.34.1
  • Mozilla Network Security Services 3.35
    cpe:2.3:a:mozilla:network_security_services:3.35
  • Mozilla Network Security Services 3.36
    cpe:2.3:a:mozilla:network_security_services:3.36
  • Mozilla Network Security Services 3.36.1
    cpe:2.3:a:mozilla:network_security_services:3.36.1
  • Mozilla Network Security Services 3.36.2
    cpe:2.3:a:mozilla:network_security_services:3.36.2
  • Mozilla Network Security Services 3.36.4
    cpe:2.3:a:mozilla:network_security_services:3.36.4
  • Mozilla Network Security Services 3.37
    cpe:2.3:a:mozilla:network_security_services:3.37
  • Mozilla Network Security Services 3.37.1
    cpe:2.3:a:mozilla:network_security_services:3.37.1
  • Mozilla Network Security Services 3.37.3
    cpe:2.3:a:mozilla:network_security_services:3.37.3
  • Mozilla Network Security Services 3.38
    cpe:2.3:a:mozilla:network_security_services:3.38
  • Mozilla Network Security Services 3.39
    cpe:2.3:a:mozilla:network_security_services:3.39
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-A78B2EF820.NASL
    description Updates the nss package to upstream NSS 3.40.1. This is a point release after 3.40, with a security fix for CVE-2018-12404. For details about other new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120683
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120683
    title Fedora 29 : nss (2018-a78b2ef820)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-337-01.NASL
    description New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-12-04
    plugin id 119332
    published 2018-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119332
    title Slackware 14.0 / 14.1 / 14.2 / current : mozilla-nss (SSA:2018-337-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4236-1.NASL
    description This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 119871
    published 2018-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119871
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3850-1.NASL
    description Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121062
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121062
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-2575EDF8D3.NASL
    description Updates the nss package to upstream NSS 3.40.1. This is a point release after 3.40, with a security fix for CVE-2018-12404. For details about other new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120299
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120299
    title Fedora 28 : nss (2018-2575edf8d3)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1618.NASL
    description This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 119948
    published 2018-12-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119948
    title openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1540.NASL
    description This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 119670
    published 2018-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119670
    title openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-183.NASL
    description This update for mozilla-nss fixes the following issues : Security issues fixed : - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed : - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-02-15
    plugin id 122225
    published 2019-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122225
    title openSUSE Security Update : mozilla-nss (openSUSE-2019-183)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4235-1.NASL
    description This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120193
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120193
    title SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0273-1.NASL
    description This update for MozillaFirefox, mozilla-nss fixes the following issues : Security issues fixed : CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: Update to MozillaFirefox ESR 60.5.0 Update to mozilla-nss 3.41.1 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-08
    plugin id 121638
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121638
    title SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0273-1)
refmap via4
bid 107260
misc https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
Last major update 02-05-2019 - 13:29
Published 02-05-2019 - 13:29
Last modified 20-07-2019 - 08:15