Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-7183 | 7.5 |
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and othe
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-4000 | 4.3 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
|
22-10-2024 - 13:42 | 21-05-2015 - 00:59 | |
CVE-2016-1950 | 6.8 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
|
22-10-2024 - 13:42 | 13-03-2016 - 18:59 | |
CVE-2013-5607 | 7.5 |
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attacker
|
21-10-2024 - 13:55 | 20-11-2013 - 14:12 | |
CVE-2014-1568 | 7.5 |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31
|
21-10-2024 - 13:55 | 25-09-2014 - 17:55 | |
CVE-2012-0441 | 5.0 |
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2020-6829 | 5.0 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the p
|
20-02-2023 - 17:15 | 28-10-2020 - 12:15 | |
CVE-2016-8635 | 4.3 |
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g
|
12-02-2023 - 23:26 | 01-08-2018 - 13:29 | |
CVE-2013-1620 | 4.3 |
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct di
|
21-12-2022 - 17:30 | 08-02-2013 - 19:55 | |
CVE-2020-12402 | 1.2 |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
|
04-01-2022 - 16:38 | 09-07-2020 - 15:15 | |
CVE-2017-5461 | 7.5 |
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i
|
20-07-2021 - 23:15 | 11-05-2017 - 01:29 | |
CVE-2019-11745 | 6.8 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
|
19-02-2021 - 17:22 | 08-01-2020 - 20:15 | |
CVE-2019-17007 | 5.0 |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
|
19-02-2021 - 16:58 | 22-10-2020 - 21:15 | |
CVE-2019-11745 | 6.8 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
|
30-09-2020 - 18:15 | 08-01-2020 - 20:15 | |
CVE-2020-12402 | 1.2 |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
|
30-09-2020 - 18:15 | 09-07-2020 - 15:15 | |
CVE-2014-1492 | 4.3 |
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which
|
09-10-2018 - 19:42 | 25-03-2014 - 13:25 | |
CVE-2014-1545 | 10.0 |
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Per: http://cwe.mitre.org/data/defini
|
28-12-2017 - 02:29 | 11-06-2014 - 10:57 | |
CVE-2016-1979 | 6.8 |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly h
|
04-11-2017 - 01:29 | 13-03-2016 - 18:59 | |
CVE-2014-1569 | 7.5 |
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers
|
22-09-2017 - 01:29 | 15-12-2014 - 18:59 | |
CVE-2010-3170 | 4.3 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2013-0743 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a p
|
16-12-2016 - 02:59 | 25-01-2013 - 18:55 |