Vulnerabilites related to mozilla - network_security_services
CVE-2016-8635 (GCVE-0-2016-8635)
Vulnerability from cvelistv5
Published
2018-08-01 13:00
Modified
2024-08-06 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-2779.html | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201701-46 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94346 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
},
{
"name": "RHSA-2016:2779",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "94346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nss",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "3.21.x"
}
]
}
],
"datePublic": "2016-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
},
{
"name": "RHSA-2016:2779",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "94346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94346"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8635",
"datePublished": "2018-08-01T13:00:00",
"dateReserved": "2016-10-12T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5462 (GCVE-0-2006-5462)
Vulnerability from cvelistv5
Published
2006-11-08 21:00
Modified
2024-08-07 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "23883",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23883"
},
{
"name": "23235",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23235"
},
{
"name": "GLSA-200612-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-08.xml"
},
{
"name": "23013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm"
},
{
"name": "22770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22770"
},
{
"name": "ADV-2006-4387",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4387"
},
{
"name": "DSA-1225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1225"
},
{
"name": "1017180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017180"
},
{
"name": "23009",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356215"
},
{
"name": "TA06-312A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"name": "DSA-1227",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1227"
},
{
"name": "22980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22980"
},
{
"name": "ADV-2007-0293",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"name": "RHSA-2006:0733",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0733.html"
},
{
"name": "24711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24711"
},
{
"name": "23263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23263"
},
{
"name": "22763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22763"
},
{
"name": "22965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22965"
},
{
"name": "USN-382-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-382-1"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "RHSA-2006:0735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0735.html"
},
{
"name": "20061101-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name": "1017181",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017181"
},
{
"name": "SUSE-SA:2006:068",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_68_mozilla.html"
},
{
"name": "GLSA-200612-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-07.xml"
},
{
"name": "ADV-2007-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "23297",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23297"
},
{
"name": "22727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22727"
},
{
"name": "22815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22815"
},
{
"name": "RHSA-2006:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0734.html"
},
{
"name": "VU#335392",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/335392"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "mozilla-nss-security-bypass(30098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"name": "22737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22737"
},
{
"name": "22929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22929"
},
{
"name": "23202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23202"
},
{
"name": "GLSA-200612-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-06.xml"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "MDKSA-2006:206",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:206"
},
{
"name": "oval:org.mitre.oval:def:10478",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478"
},
{
"name": "23197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23197"
},
{
"name": "DSA-1224",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1224"
},
{
"name": "22066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"name": "22817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22817"
},
{
"name": "22722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22722"
},
{
"name": "102781",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"name": "1017182",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017182"
},
{
"name": "MDKSA-2006:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:205"
},
{
"name": "23287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23287"
},
{
"name": "USN-381-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-381-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2006-3748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "23883",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23883"
},
{
"name": "23235",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23235"
},
{
"name": "GLSA-200612-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-08.xml"
},
{
"name": "23013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm"
},
{
"name": "22770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22770"
},
{
"name": "ADV-2006-4387",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4387"
},
{
"name": "DSA-1225",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1225"
},
{
"name": "1017180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017180"
},
{
"name": "23009",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356215"
},
{
"name": "TA06-312A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"name": "DSA-1227",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1227"
},
{
"name": "22980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22980"
},
{
"name": "ADV-2007-0293",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"name": "RHSA-2006:0733",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0733.html"
},
{
"name": "24711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24711"
},
{
"name": "23263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23263"
},
{
"name": "22763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22763"
},
{
"name": "22965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22965"
},
{
"name": "USN-382-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-382-1"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "RHSA-2006:0735",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0735.html"
},
{
"name": "20061101-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name": "1017181",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017181"
},
{
"name": "SUSE-SA:2006:068",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_68_mozilla.html"
},
{
"name": "GLSA-200612-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-07.xml"
},
{
"name": "ADV-2007-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "23297",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23297"
},
{
"name": "22727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22727"
},
{
"name": "22815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22815"
},
{
"name": "RHSA-2006:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0734.html"
},
{
"name": "VU#335392",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/335392"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "mozilla-nss-security-bypass(30098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"name": "22737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22737"
},
{
"name": "22929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22929"
},
{
"name": "23202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23202"
},
{
"name": "GLSA-200612-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-06.xml"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "MDKSA-2006:206",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:206"
},
{
"name": "oval:org.mitre.oval:def:10478",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478"
},
{
"name": "23197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23197"
},
{
"name": "DSA-1224",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1224"
},
{
"name": "22066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"name": "22817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22817"
},
{
"name": "22722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22722"
},
{
"name": "102781",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"name": "1017182",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017182"
},
{
"name": "MDKSA-2006:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:205"
},
{
"name": "23287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23287"
},
{
"name": "USN-381-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-381-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5462",
"datePublished": "2006-11-08T21:00:00",
"dateReserved": "2006-10-23T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17006 (GCVE-0-2019-17006)
Vulnerability from cvelistv5
Published
2020-10-22 20:24
Modified
2024-08-05 01:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- missing length checks for cryptographic primitives
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes | x_refsource_MISC | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210129-0001/ | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NSS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "3.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "missing length checks for cryptographic primitives",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:05:28",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-17006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.46"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "missing length checks for cryptographic primitives"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210129-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2019-17006",
"datePublished": "2020-10-22T20:24:25",
"dateReserved": "2019-09-30T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11695 (GCVE-0-2017-11695)
Vulnerability from cvelistv5
Published
2017-12-27 19:00
Modified
2024-08-05 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100345 | vdb-entry, x_refsource_BID | |
| http://www.geeknik.net/9brdqk6xu | x_refsource_MISC | |
| http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Aug/17 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202003-37 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:37.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T22:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100345"
},
{
"name": "http://www.geeknik.net/9brdqk6xu",
"refsource": "MISC",
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"name": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11695",
"datePublished": "2017-12-27T19:00:00",
"dateReserved": "2017-07-27T00:00:00",
"dateUpdated": "2024-08-05T18:19:37.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9574 (GCVE-0-2016-9574)
Vulnerability from cvelistv5
Published
2018-07-19 13:00
Modified
2024-08-06 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:02.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nss",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "nss 3.30"
}
]
}
],
"datePublic": "2016-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-19T12:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nss",
"version": {
"version_data": [
{
"version_value": "nss 3.30"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9574",
"datePublished": "2018-07-19T13:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:02.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1739 (GCVE-0-2013-1739)
Vulnerability from cvelistv5
Published
2013-10-22 22:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"name": "DSA-2790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"name": "oval:org.mitre.oval:def:19254",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "SUSE-SU-2013:1678",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "openSUSE-SU-2013:1539",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"name": "62966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62966"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"name": "openSUSE-SU-2013:1542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"name": "DSA-2790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"name": "oval:org.mitre.oval:def:19254",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "SUSE-SU-2013:1678",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "openSUSE-SU-2013:1539",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"name": "62966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62966"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"name": "openSUSE-SU-2013:1542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"name": "DSA-2790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"name": "GLSA-201406-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"name": "oval:org.mitre.oval:def:19254",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
},
{
"name": "RHSA-2013:1791",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "SUSE-SU-2013:1678",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "openSUSE-SU-2013:1539",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"name": "62966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62966"
},
{
"name": "RHSA-2013:1829",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"name": "openSUSE-SU-2013:1542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2013-1739",
"datePublished": "2013-10-22T22:00:00",
"dateReserved": "2013-02-13T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1741 (GCVE-0-2013-1741)
Vulnerability from cvelistv5
Published
2013-11-16 15:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925100"
},
{
"name": "63736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63736"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "USN-2031-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"name": "USN-2032-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925100"
},
{
"name": "63736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63736"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "USN-2031-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"name": "USN-2032-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=925100",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925100"
},
{
"name": "63736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63736"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "USN-2031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"name": "USN-2032-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"name": "RHSA-2013:1791",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2013:1829",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2013-1741",
"datePublished": "2013-11-16T15:00:00",
"dateReserved": "2013-02-13T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12404 (GCVE-0-2018-12404)
Vulnerability from cvelistv5
Published
2019-05-02 16:40
Modified
2024-08-05 08:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cryptographic Issues
Summary
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107260 | vdb-entry, x_refsource_BID | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2019:2237 | vendor-advisory, x_refsource_REDHAT | |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Network Security Services (NSS) |
Version: All versions prior to NSS 3.41 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404"
},
{
"name": "openSUSE-SU-2019:1758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
},
{
"name": "RHSA-2019:2237",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Security Services (NSS)",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "All versions prior to NSS 3.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cryptographic Issues",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:10:59",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "107260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404"
},
{
"name": "openSUSE-SU-2019:1758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
},
{
"name": "RHSA-2019:2237",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Security Services (NSS)",
"version": {
"version_data": [
{
"version_value": "All versions prior to NSS 3.41"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107260"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404"
},
{
"name": "openSUSE-SU-2019:1758",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
},
{
"name": "RHSA-2019:2237",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-12404",
"datePublished": "2019-05-02T16:40:14",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-08-05T08:38:05.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17007 (GCVE-0-2019-17007)
Vulnerability from cvelistv5
Published
2020-10-22 20:28
Modified
2024-08-05 01:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CERT_DecodeCertPackage() crash with Netscape Certificate Sequences
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes | x_refsource_MISC | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NSS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "3.44",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:00:05",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-17007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.44"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2019-17007",
"datePublished": "2020-10-22T20:28:17",
"dateReserved": "2019-09-30T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5462 (GCVE-0-2017-5462)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- DRBG flaw in NSS
Summary
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201705-04 | vendor-advisory, x_refsource_GENTOO | |
| https://www.mozilla.org/security/advisories/mfsa2017-12/ | x_refsource_CONFIRM | |
| https://www.mozilla.org/security/advisories/mfsa2017-11/ | x_refsource_CONFIRM | |
| https://www.mozilla.org/security/advisories/mfsa2017-10/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97940 | vdb-entry, x_refsource_BID | |
| https://www.debian.org/security/2017/dsa-3831 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1345089 | x_refsource_CONFIRM | |
| https://www.mozilla.org/security/advisories/mfsa2017-13/ | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038320 | vdb-entry, x_refsource_SECTRACK | |
| https://www.debian.org/security/2017/dsa-3872 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mozilla | Thunderbird |
Version: unspecified < 52.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:14.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201705-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "DSA-3831",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "DSA-3872",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "52.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "53",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DRBG flaw in NSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "GLSA-201705-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "DSA-3831",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "DSA-3872",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.9"
},
{
"version_affected": "\u003c",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DRBG flaw in NSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201705-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "DSA-3831",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "DSA-3872",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2017-5462",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2017-01-13T00:00:00",
"dateUpdated": "2024-08-05T15:04:14.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4000 (GCVE-0-2015-4000)
Vulnerability from cvelistv5
Published
2015-05-21 00:00
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SUSE-SU-2015:1177",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "1033208",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033208"
},
{
"name": "1032637",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032637"
},
{
"name": "HPSBGN03404",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "1032865",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032865"
},
{
"name": "HPSBGN03351",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "1034728",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034728"
},
{
"name": "SUSE-SU-2015:1183",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"name": "1032656",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032656"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server\u0027s ciphersuite choice",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"name": "openSUSE-SU-2015:1684",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"name": "HPSBGN03361",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"name": "1032475",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032475"
},
{
"name": "1032960",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032960"
},
{
"name": "openSUSE-SU-2016:0255",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"name": "1032653",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032653"
},
{
"name": "SUSE-SU-2016:0224",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"name": "1033385",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033385"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"name": "openSUSE-SU-2016:0483",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"name": "1032864",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032864"
},
{
"name": "1032910",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "1032645",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032645"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "1033760",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033760"
},
{
"name": "RHSA-2015:1485",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"name": "RHSA-2015:1197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"name": "1032699",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032699"
},
{
"name": "1032476",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032476"
},
{
"name": "1032649",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032649"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "HPSBUX03363",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"name": "RHSA-2015:1544",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"name": "FEDORA-2015-9130",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "SSRT102112",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"name": "1032688",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032688"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "1032652",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032652"
},
{
"name": "FEDORA-2015-9048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"name": "RHSA-2015:1185",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name": "HPSBGN03362",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "FEDORA-2015-9161",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "1032648",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032648"
},
{
"name": "1032759",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032759"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "1033209",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033209"
},
{
"name": "1032871",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032871"
},
{
"name": "DSA-3324",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "1032655",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032655"
},
{
"name": "1033210",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033210"
},
{
"name": "HPSBGN03411",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "HPSBGN03533",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"name": "USN-2673-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1034884",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034884"
},
{
"name": "HPSBMU03356",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"name": "GLSA-201603-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "1033064",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033064"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "1032778",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032778"
},
{
"name": "1032474",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032474"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1209",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"name": "1032784",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "1032777",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032777"
},
{
"name": "1033416",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033416"
},
{
"name": "1033991",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033991"
},
{
"name": "1032647",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032647"
},
{
"name": "1032654",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032654"
},
{
"name": "1033341",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033341"
},
{
"name": "RHSA-2015:1486",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"name": "SUSE-SU-2015:1663",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"name": "1033433",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033433"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "1032702",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032702"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "1032727",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032727"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1624",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1488",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "1033430",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033430"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"name": "openSUSE-SU-2016:0478",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"name": "74733",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74733"
},
{
"name": "openSUSE-SU-2016:0261",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"name": "1032651",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032651"
},
{
"name": "1033065",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033065"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"name": "1033222",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033222"
},
{
"name": "1036218",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036218"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "HPSBGN03373",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"name": "1040630",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040630"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "1034087",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034087"
},
{
"name": "1033513",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033513"
},
{
"name": "1032884",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032884"
},
{
"name": "RHSA-2015:1604",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"name": "SUSE-SU-2016:0262",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"name": "1032932",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032932"
},
{
"name": "1033891",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033891"
},
{
"name": "openSUSE-SU-2016:0226",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"name": "1032783",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "1032856",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032856"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "DSA-3300",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "1033067",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033067"
},
{
"name": "1033019",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033019"
},
{
"name": "RHSA-2015:1072",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"name": "1032650",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032650"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"tags": [
"x_transferred"
],
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"tags": [
"x_transferred"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"tags": [
"x_transferred"
],
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201114"
},
{
"tags": [
"x_transferred"
],
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"tags": [
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"tags": [
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"tags": [
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"tags": [
"x_transferred"
],
"url": "https://weakdh.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SUSE-SU-2015:1177",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "1033208",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033208"
},
{
"name": "1032637",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032637"
},
{
"name": "HPSBGN03404",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "1032865",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032865"
},
{
"name": "HPSBGN03351",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "1034728",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034728"
},
{
"name": "SUSE-SU-2015:1183",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"name": "1032656",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032656"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server\u0027s ciphersuite choice",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"name": "openSUSE-SU-2015:1684",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"name": "HPSBGN03361",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"name": "1032475",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032475"
},
{
"name": "1032960",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032960"
},
{
"name": "openSUSE-SU-2016:0255",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"name": "1032653",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032653"
},
{
"name": "SUSE-SU-2016:0224",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"name": "1033385",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033385"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"name": "openSUSE-SU-2016:0483",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"name": "1032864",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032864"
},
{
"name": "1032910",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "1032645",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032645"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "1033760",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033760"
},
{
"name": "RHSA-2015:1485",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"name": "RHSA-2015:1197",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"name": "1032699",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032699"
},
{
"name": "1032476",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032476"
},
{
"name": "1032649",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032649"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "HPSBUX03363",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"name": "RHSA-2015:1544",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"name": "FEDORA-2015-9130",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "SSRT102112",
"tags": [
"vendor-advisory"
],
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"name": "1032688",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032688"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "1032652",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032652"
},
{
"name": "FEDORA-2015-9048",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"name": "RHSA-2015:1185",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name": "HPSBGN03362",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "FEDORA-2015-9161",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "1032648",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032648"
},
{
"name": "1032759",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032759"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "1033209",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033209"
},
{
"name": "1032871",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032871"
},
{
"name": "DSA-3324",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "1032655",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032655"
},
{
"name": "1033210",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033210"
},
{
"name": "HPSBGN03411",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "HPSBGN03533",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"name": "USN-2673-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1034884",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034884"
},
{
"name": "HPSBMU03356",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"name": "GLSA-201603-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "1033064",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033064"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "1032778",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032778"
},
{
"name": "1032474",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032474"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1209",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"name": "1032784",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "1032777",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032777"
},
{
"name": "1033416",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033416"
},
{
"name": "1033991",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033991"
},
{
"name": "1032647",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032647"
},
{
"name": "1032654",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032654"
},
{
"name": "1033341",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033341"
},
{
"name": "RHSA-2015:1486",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"name": "SUSE-SU-2015:1663",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"name": "1033433",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033433"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "1032702",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032702"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "1032727",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032727"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1624",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1488",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "1033430",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033430"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"name": "openSUSE-SU-2016:0478",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"name": "74733",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/74733"
},
{
"name": "openSUSE-SU-2016:0261",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"name": "1032651",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032651"
},
{
"name": "1033065",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033065"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"name": "1033222",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033222"
},
{
"name": "1036218",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036218"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "HPSBGN03373",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"name": "1040630",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1040630"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "1034087",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034087"
},
{
"name": "1033513",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033513"
},
{
"name": "1032884",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032884"
},
{
"name": "RHSA-2015:1604",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"name": "SUSE-SU-2016:0262",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"name": "1032932",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032932"
},
{
"name": "1033891",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033891"
},
{
"name": "openSUSE-SU-2016:0226",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"name": "1032783",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "1032856",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032856"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "DSA-3300",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "1033067",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033067"
},
{
"name": "1033019",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033019"
},
{
"name": "RHSA-2015:1072",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"name": "1032650",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032650"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"url": "http://support.apple.com/kb/HT204941"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
},
{
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"url": "http://support.citrix.com/article/CTX201114"
},
{
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"url": "http://support.apple.com/kb/HT204942"
},
{
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"url": "https://support.citrix.com/article/CTX216642"
},
{
"url": "https://weakdh.org/"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4000",
"datePublished": "2015-05-21T00:00:00",
"dateReserved": "2015-05-15T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1568 (GCVE-0-2014-1568)
Vulnerability from cvelistv5
Published
2014-09-25 17:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "VU#772676",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"name": "RHSA-2014:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"name": "70116",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70116"
},
{
"name": "USN-2360-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2360-1"
},
{
"name": "mozilla-nss-cve20141568-sec-bypass(96194)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"name": "61575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61575"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"name": "SUSE-SU-2014:1220",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "61574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61574"
},
{
"name": "USN-2361-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2361-1"
},
{
"name": "DSA-3033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "DSA-3034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"name": "RHSA-2014:1371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"name": "RHSA-2014:1354",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"name": "DSA-3037",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"name": "openSUSE-SU-2014:1224",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"name": "USN-2360-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2360-2"
},
{
"name": "61540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61540"
},
{
"name": "61576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61576"
},
{
"name": "openSUSE-SU-2014:1232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"name": "61583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "VU#772676",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"name": "RHSA-2014:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"name": "70116",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70116"
},
{
"name": "USN-2360-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2360-1"
},
{
"name": "mozilla-nss-cve20141568-sec-bypass(96194)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"name": "61575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61575"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"name": "SUSE-SU-2014:1220",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "61574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61574"
},
{
"name": "USN-2361-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2361-1"
},
{
"name": "DSA-3033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "DSA-3034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"name": "RHSA-2014:1371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"name": "RHSA-2014:1354",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"name": "DSA-3037",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"name": "openSUSE-SU-2014:1224",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"name": "USN-2360-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2360-2"
},
{
"name": "61540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61540"
},
{
"name": "61576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61576"
},
{
"name": "openSUSE-SU-2014:1232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"name": "61583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "VU#772676",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"name": "RHSA-2014:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"name": "70116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70116"
},
{
"name": "USN-2360-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2360-1"
},
{
"name": "mozilla-nss-cve20141568-sec-bypass(96194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015701",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"name": "61575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61575"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"name": "SUSE-SU-2014:1220",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "61574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61574"
},
{
"name": "USN-2361-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2361-1"
},
{
"name": "DSA-3033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "DSA-3034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"name": "RHSA-2014:1371",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"name": "RHSA-2014:1354",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"name": "DSA-3037",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"name": "openSUSE-SU-2014:1224",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"name": "USN-2360-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2360-2"
},
{
"name": "61540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61540"
},
{
"name": "61576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61576"
},
{
"name": "openSUSE-SU-2014:1232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"name": "61583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-1568",
"datePublished": "2014-09-25T17:00:00",
"dateReserved": "2014-01-16T00:00:00",
"dateUpdated": "2024-08-06T09:42:36.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3479 (GCVE-0-2022-3479)
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-11-20 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- segmentation fault
Summary
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1774654"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331"
},
{
"name": "GLSA-202212-05",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T16:06:39.734909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:21:14.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nss",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.81"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "segmentation fault",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1774654"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331"
},
{
"name": "GLSA-202212-05",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-05"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3479",
"datePublished": "2022-10-14T00:00:00",
"dateReserved": "2022-10-13T00:00:00",
"dateUpdated": "2024-11-20T16:21:14.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1978 (GCVE-0-2016-1978)
Vulnerability from cvelistv5
Published
2016-03-13 18:00
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "84275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "1035258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035258"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "84275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "1035258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035258"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa124",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "RHSA-2016:0684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "84275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84275"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"name": "USN-2973-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "1035258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035258"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1978",
"datePublished": "2016-03-13T18:00:00",
"dateReserved": "2016-01-20T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2404 (GCVE-0-2009-2404)
Vulnerability from cvelistv5
Published
2009-08-03 14:00
Modified
2024-08-07 05:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"
},
{
"name": "36139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36139"
},
{
"name": "36102",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36102"
},
{
"name": "36157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36157"
},
{
"name": "TA10-103B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "oval:org.mitre.oval:def:11174",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174"
},
{
"name": "MDVSA-2009:197",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"name": "oval:org.mitre.oval:def:8658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658"
},
{
"name": "SUSE-SA:2009:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name": "MDVSA-2009:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"name": "RHSA-2009:1185",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html"
},
{
"name": "39428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39428"
},
{
"name": "36434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36434"
},
{
"name": "36088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html"
},
{
"name": "35891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35891"
},
{
"name": "RHSA-2009:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"name": "1021699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
},
{
"name": "USN-810-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "USN-810-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"name": "1021030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"name": "36125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36125"
},
{
"name": "37098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37098"
},
{
"name": "273910",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912"
},
{
"name": "ADV-2009-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"name": "DSA-1874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"
},
{
"name": "36139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36139"
},
{
"name": "36102",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36102"
},
{
"name": "36157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36157"
},
{
"name": "TA10-103B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "oval:org.mitre.oval:def:11174",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174"
},
{
"name": "MDVSA-2009:197",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"name": "oval:org.mitre.oval:def:8658",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658"
},
{
"name": "SUSE-SA:2009:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name": "MDVSA-2009:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"name": "RHSA-2009:1185",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html"
},
{
"name": "39428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39428"
},
{
"name": "36434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36434"
},
{
"name": "36088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html"
},
{
"name": "35891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35891"
},
{
"name": "RHSA-2009:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"name": "1021699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
},
{
"name": "USN-810-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "USN-810-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"name": "1021030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"name": "36125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36125"
},
{
"name": "37098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37098"
},
{
"name": "273910",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912"
},
{
"name": "ADV-2009-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"name": "DSA-1874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2404",
"datePublished": "2009-08-03T14:00:00",
"dateReserved": "2009-07-09T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5094 (GCVE-0-2011-5094)
Vulnerability from cvelistv5
Published
2012-06-16 21:00
Modified
2024-09-16 21:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
| ▼ | URL | Tags |
|---|---|---|
| http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html | x_refsource_MISC | |
| http://www.ietf.org/mail-archive/web/tls/current/msg07567.html | mailing-list, x_refsource_MLIST | |
| http://www.ietf.org/mail-archive/web/tls/current/msg07577.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=707065 | x_refsource_MISC | |
| http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2011/07/08/2 | mailing-list, x_refsource_MLIST | |
| http://www.ietf.org/mail-archive/web/tls/current/msg07576.html | mailing-list, x_refsource_MLIST | |
| http://orchilles.com/2011/03/ssl-renegotiation-dos.html | x_refsource_MISC | |
| http://www.ietf.org/mail-archive/web/tls/current/msg07553.html | mailing-list, x_refsource_MLIST | |
| http://www.ietf.org/mail-archive/web/tls/current/msg07564.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-16T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
"refsource": "MISC",
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
"refsource": "MISC",
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5094",
"datePublished": "2012-06-16T21:00:00Z",
"dateReserved": "2012-06-16T00:00:00Z",
"dateUpdated": "2024-09-16T21:56:51.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18508 (GCVE-0-2018-18508)
Vulnerability from cvelistv5
Published
2020-10-22 20:14
Modified
2024-08-05 11:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service through malformed signatures
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes | x_refsource_MISC | |
| https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:22.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NSS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "3.41.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.36.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service through malformed signatures",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T05:57:40",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-18508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.41.1"
},
{
"version_affected": "\u003c",
"version_value": "3.36.7"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service through malformed signatures"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-18508",
"datePublished": "2020-10-22T20:14:42",
"dateReserved": "2018-10-19T00:00:00",
"dateUpdated": "2024-08-05T11:08:22.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5606 (GCVE-0-2013-5606)
Vulnerability from cvelistv5
Published
2013-11-16 15:00
Modified
2024-08-06 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "63737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2014:0041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "63737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2014:0041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-5606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "63737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63737"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "RHSA-2013:1791",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=910438",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910438"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2014:0041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"name": "RHSA-2013:1829",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2013-5606",
"datePublished": "2013-11-16T15:00:00",
"dateReserved": "2013-08-26T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2834 (GCVE-0-2016-2834)
Vulnerability from cvelistv5
Published
2016-06-13 10:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036057"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "openSUSE-SU-2016:1557",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"
},
{
"name": "RHSA-2016:2779",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"
},
{
"name": "USN-3029-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3029-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"
},
{
"name": "91072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91072"
},
{
"name": "openSUSE-SU-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
},
{
"name": "USN-2993-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2993-1"
},
{
"name": "SUSE-SU-2016:1691",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "1036057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036057"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "openSUSE-SU-2016:1557",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"
},
{
"name": "RHSA-2016:2779",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"
},
{
"name": "USN-3029-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3029-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"
},
{
"name": "91072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91072"
},
{
"name": "openSUSE-SU-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
},
{
"name": "USN-2993-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2993-1"
},
{
"name": "SUSE-SU-2016:1691",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036057"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "openSUSE-SU-2016:1557",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"
},
{
"name": "RHSA-2016:2779",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"
},
{
"name": "USN-3029-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3029-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"
},
{
"name": "91072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91072"
},
{
"name": "openSUSE-SU-2016:1552",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
},
{
"name": "USN-2993-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2993-1"
},
{
"name": "SUSE-SU-2016:1691",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-2834",
"datePublished": "2016-06-13T10:00:00",
"dateReserved": "2016-03-01T00:00:00",
"dateUpdated": "2024-08-05T23:32:21.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1740 (GCVE-0-2013-1740)
Vulnerability from cvelistv5
Published
2014-01-18 22:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "64944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64944"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "mozilla-nss-cve20131740-info-disc(90394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "USN-2088-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2088-1"
},
{
"name": "openSUSE-SU-2014:0213",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=498172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "64944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64944"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "mozilla-nss-cve20131740-info-disc(90394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "USN-2088-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2088-1"
},
{
"name": "openSUSE-SU-2014:0213",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=498172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2014:0212",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "64944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64944"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "mozilla-nss-cve20131740-info-disc(90394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "USN-2088-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2088-1"
},
{
"name": "openSUSE-SU-2014:0213",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=498172",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=498172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2013-1740",
"datePublished": "2014-01-18T22:00:00",
"dateReserved": "2013-02-13T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2721 (GCVE-0-2015-2721)
Vulnerability from cvelistv5
Published
2015-07-06 01:00
Modified
2024-08-06 05:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"name": "83398",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83398"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "DSA-3336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "75541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75541"
},
{
"name": "RHSA-2015:1185",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3324",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "USN-2672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "USN-2673-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1032784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://smacktls.com"
},
{
"name": "1032783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"name": "83398",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83398"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "DSA-3336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "75541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75541"
},
{
"name": "RHSA-2015:1185",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3324",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "USN-2672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "USN-2673-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1032784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://smacktls.com"
},
{
"name": "1032783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"name": "83398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83398"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "GLSA-201701-46",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "DSA-3336",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "75541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"name": "RHSA-2015:1185",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3324",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "USN-2672-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "USN-2673-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1032784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"name": "SUSE-SU-2015:1269",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1664",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "https://smacktls.com",
"refsource": "MISC",
"url": "https://smacktls.com"
},
{
"name": "1032783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2721",
"datePublished": "2015-07-06T01:00:00",
"dateReserved": "2015-03-25T00:00:00",
"dateUpdated": "2024-08-06T05:24:38.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7182 (GCVE-0-2015-7182)
Vulnerability from cvelistv5
Published
2015-11-05 02:00
Modified
2024-08-06 07:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:44.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3410",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"name": "SUSE-SU-2015:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868"
},
{
"name": "openSUSE-SU-2015:2229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "USN-2791-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"name": "SUSE-SU-2015:1926",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "DSA-3393",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "77416",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77416"
},
{
"name": "openSUSE-SU-2015:2245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3410",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"name": "SUSE-SU-2015:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868"
},
{
"name": "openSUSE-SU-2015:2229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "USN-2791-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"name": "SUSE-SU-2015:1926",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "DSA-3393",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "77416",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77416"
},
{
"name": "openSUSE-SU-2015:2245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-7182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa119",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3410",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868"
},
{
"name": "openSUSE-SU-2015:2229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "USN-2791-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"name": "SUSE-SU-2015:1926",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "DSA-3393",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "77416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77416"
},
{
"name": "openSUSE-SU-2015:2245",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-7182",
"datePublished": "2015-11-05T02:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:43:44.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4340 (GCVE-0-2006-4340)
Vulnerability from cvelistv5
Published
2006-09-15 18:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
},
{
"name": "1016858",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016858"
},
{
"name": "22992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22992"
},
{
"name": "ADV-2006-3748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "1016859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016859"
},
{
"name": "RHSA-2006:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
},
{
"name": "23883",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23883"
},
{
"name": "ADV-2006-3899",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"name": "22044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22044"
},
{
"name": "22055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22055"
},
{
"name": "22195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22195"
},
{
"name": "USN-361-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name": "USN-352-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"name": "22446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22446"
},
{
"name": "21950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21950"
},
{
"name": "USN-351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "22025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22025"
},
{
"name": "22056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22056"
},
{
"name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
},
{
"name": "TA06-312A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"name": "22247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22247"
},
{
"name": "MDKSA-2006:168",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "DSA-1191",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-1191"
},
{
"name": "ADV-2007-0293",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"name": "22210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22210"
},
{
"name": "DSA-1210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1210"
},
{
"name": "24711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24711"
},
{
"name": "ADV-2006-3622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "1016860",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016860"
},
{
"name": "22849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22849"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "20060901-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "21939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21939"
},
{
"name": "ADV-2006-3617",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3617"
},
{
"name": "GLSA-200610-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
},
{
"name": "21915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21915"
},
{
"name": "ADV-2007-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "RHSA-2006:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
},
{
"name": "DSA-1192",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"name": "GLSA-200609-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22274"
},
{
"name": "RHSA-2006:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "21940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21940"
},
{
"name": "mozilla-nss-security-bypass(30098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"name": "102648",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"name": "22001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22001"
},
{
"name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name": "21903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21903"
},
{
"name": "USN-350-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "21906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21906"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22342"
},
{
"name": "GLSA-200610-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
},
{
"name": "22074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22074"
},
{
"name": "22226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22226"
},
{
"name": "22066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22066"
},
{
"name": "22088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22088"
},
{
"name": "21949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21949"
},
{
"name": "SUSE-SA:2006:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"name": "22036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22036"
},
{
"name": "SUSE-SA:2006:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
},
{
"name": "oval:org.mitre.oval:def:11007",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
},
{
"name": "USN-354-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "102781",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"name": "22422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22422"
},
{
"name": "22299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22299"
},
{
"name": "MDKSA-2006:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"name": "21916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
},
{
"name": "1016858",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016858"
},
{
"name": "22992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22992"
},
{
"name": "ADV-2006-3748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "1016859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016859"
},
{
"name": "RHSA-2006:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
},
{
"name": "23883",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23883"
},
{
"name": "ADV-2006-3899",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"name": "22044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22044"
},
{
"name": "22055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22055"
},
{
"name": "22195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22195"
},
{
"name": "USN-361-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name": "USN-352-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"name": "22446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22446"
},
{
"name": "21950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21950"
},
{
"name": "USN-351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "22025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22025"
},
{
"name": "22056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22056"
},
{
"name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
},
{
"name": "TA06-312A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"name": "22247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22247"
},
{
"name": "MDKSA-2006:168",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "DSA-1191",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-1191"
},
{
"name": "ADV-2007-0293",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"name": "22210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22210"
},
{
"name": "DSA-1210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1210"
},
{
"name": "24711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24711"
},
{
"name": "ADV-2006-3622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "1016860",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016860"
},
{
"name": "22849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22849"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "20060901-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "21939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21939"
},
{
"name": "ADV-2006-3617",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3617"
},
{
"name": "GLSA-200610-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
},
{
"name": "21915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21915"
},
{
"name": "ADV-2007-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "RHSA-2006:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
},
{
"name": "DSA-1192",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"name": "GLSA-200609-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22274"
},
{
"name": "RHSA-2006:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "21940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21940"
},
{
"name": "mozilla-nss-security-bypass(30098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"name": "102648",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"name": "22001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22001"
},
{
"name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name": "21903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21903"
},
{
"name": "USN-350-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "21906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21906"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22342"
},
{
"name": "GLSA-200610-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
},
{
"name": "22074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22074"
},
{
"name": "22226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22226"
},
{
"name": "22066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22066"
},
{
"name": "22088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22088"
},
{
"name": "21949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21949"
},
{
"name": "SUSE-SA:2006:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"name": "22036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22036"
},
{
"name": "SUSE-SA:2006:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
},
{
"name": "oval:org.mitre.oval:def:11007",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
},
{
"name": "USN-354-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "102781",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"name": "22422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22422"
},
{
"name": "22299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22299"
},
{
"name": "MDKSA-2006:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"name": "21916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21916"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4340",
"datePublished": "2006-09-15T18:00:00",
"dateReserved": "2006-08-24T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5605 (GCVE-0-2013-5605)
Vulnerability from cvelistv5
Published
2013-11-16 15:00
Modified
2024-08-06 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2013:1840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1840.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "RHSA-2013:1841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1841.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "openSUSE-SU-2013:1730",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "USN-2031-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"name": "USN-2032-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "DSA-2800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "63738",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2014:0041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2013:1840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1840.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "RHSA-2013:1841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1841.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "openSUSE-SU-2013:1730",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "USN-2031-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"name": "USN-2032-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"name": "RHSA-2013:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "DSA-2800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "63738",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2014:0041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"name": "RHSA-2013:1829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-5605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2013:1840",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1840.html"
},
{
"name": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "RHSA-2013:1841",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1841.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "openSUSE-SU-2013:1730",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "GLSA-201406-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "USN-2030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"name": "USN-2031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"name": "USN-2032-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"name": "RHSA-2013:1791",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"name": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "SUSE-SU-2013:1807",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "DSA-2800",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2800"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "63738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63738"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "RHSA-2014:0041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"name": "RHSA-2013:1829",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2013-5605",
"datePublished": "2013-11-16T15:00:00",
"dateReserved": "2013-08-26T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7183 (GCVE-0-2015-7183)
Vulnerability from cvelistv5
Published
2015-11-05 02:00
Modified
2024-08-06 07:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:44.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "SUSE-SU-2015:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
},
{
"name": "DSA-3406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "openSUSE-SU-2015:2229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "SUSE-SU-2015:1926",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"name": "77415",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "USN-2790-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2790-1"
},
{
"name": "DSA-3393",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "openSUSE-SU-2015:2245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-19T16:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "SUSE-SU-2015:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
},
{
"name": "DSA-3406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "openSUSE-SU-2015:2229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "SUSE-SU-2015:1926",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"name": "77415",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "USN-2790-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2790-1"
},
{
"name": "DSA-3393",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "openSUSE-SU-2015:2245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa119",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
},
{
"name": "DSA-3406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3406"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "openSUSE-SU-2015:2229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "SUSE-SU-2015:1926",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"name": "77415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77415"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "USN-2790-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2790-1"
},
{
"name": "DSA-3393",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "openSUSE-SU-2015:2245",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-7183",
"datePublished": "2015-11-05T02:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:43:44.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11696 (GCVE-0-2017-11696)
Vulnerability from cvelistv5
Published
2017-12-27 19:00
Modified
2024-08-05 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100345 | vdb-entry, x_refsource_BID | |
| http://www.geeknik.net/9brdqk6xu | x_refsource_MISC | |
| http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Aug/17 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202003-37 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T22:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100345"
},
{
"name": "http://www.geeknik.net/9brdqk6xu",
"refsource": "MISC",
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"name": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11696",
"datePublished": "2017-12-27T19:00:00",
"dateReserved": "2017-07-27T00:00:00",
"dateUpdated": "2024-08-05T18:19:38.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1950 (GCVE-0-2016-1950)
Vulnerability from cvelistv5
Published
2016-03-13 18:00
Modified
2024-08-05 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "openSUSE-SU-2016:1557",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206168"
},
{
"name": "84223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84223"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "APPLE-SA-2016-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "USN-2924-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2924-1"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "APPLE-SA-2016-03-21-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
},
{
"name": "RHSA-2016:0495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "openSUSE-SU-2016:1557",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206168"
},
{
"name": "84223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84223"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "APPLE-SA-2016-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "USN-2924-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2924-1"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "APPLE-SA-2016-03-21-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
},
{
"name": "RHSA-2016:0495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa119",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "openSUSE-SU-2016:1557",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
},
{
"name": "https://support.apple.com/HT206168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206168"
},
{
"name": "84223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84223"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "APPLE-SA-2016-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "USN-2924-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2924-1"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "APPLE-SA-2016-03-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "https://support.apple.com/HT206169",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206169"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
},
{
"name": "RHSA-2016:0495",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1950",
"datePublished": "2016-03-13T18:00:00",
"dateReserved": "2016-01-20T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1492 (GCVE-0-2014-1492)
Vulnerability from cvelistv5
Published
2014-03-25 01:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "openSUSE-SU-2014:0599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0629",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "SUSE-SU-2014:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
},
{
"name": "60621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60621"
},
{
"name": "60794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60794"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "59866",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59866"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "SUSE-SU-2014:0665",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "USN-2185-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
},
{
"name": "66356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66356"
},
{
"name": "USN-2159-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2159-1"
},
{
"name": "FEDORA-2014-5829",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "openSUSE-SU-2014:0599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0629",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "SUSE-SU-2014:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
},
{
"name": "60621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60621"
},
{
"name": "60794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60794"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "59866",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59866"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "SUSE-SU-2014:0665",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "USN-2185-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
},
{
"name": "66356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66356"
},
{
"name": "USN-2159-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2159-1"
},
{
"name": "FEDORA-2014-5829",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "openSUSE-SU-2014:0599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0629",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "SUSE-SU-2014:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
},
{
"name": "60621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60621"
},
{
"name": "60794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60794"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "59866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59866"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "SUSE-SU-2014:0665",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
},
{
"name": "https://hg.mozilla.org/projects/nss/rev/709d4e597979",
"refsource": "CONFIRM",
"url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "USN-2185-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
},
{
"name": "66356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66356"
},
{
"name": "USN-2159-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2159-1"
},
{
"name": "FEDORA-2014-5829",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-1492",
"datePublished": "2014-03-25T01:00:00",
"dateReserved": "2014-01-16T00:00:00",
"dateUpdated": "2024-08-06T09:42:36.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1544 (GCVE-0-2014-1544)
Vulnerability from cvelistv5
Published
2014-07-23 10:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "59719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59719"
},
{
"name": "60083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60083"
},
{
"name": "68816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
},
{
"name": "60621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60621"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1030617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030617"
},
{
"name": "DSA-2996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963150"
},
{
"name": "60486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60486"
},
{
"name": "60628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60628"
},
{
"name": "DSA-2986",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2986"
},
{
"name": "59760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59760"
},
{
"name": "59591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "59719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59719"
},
{
"name": "60083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60083"
},
{
"name": "68816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
},
{
"name": "60621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60621"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1030617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030617"
},
{
"name": "DSA-2996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963150"
},
{
"name": "60486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60486"
},
{
"name": "60628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60628"
},
{
"name": "DSA-2986",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2986"
},
{
"name": "59760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59760"
},
{
"name": "59591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "59719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59719"
},
{
"name": "60083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60083"
},
{
"name": "68816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68816"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-63.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
},
{
"name": "60621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60621"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1030617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030617"
},
{
"name": "DSA-2996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2996"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=963150",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963150"
},
{
"name": "60486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60486"
},
{
"name": "60628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60628"
},
{
"name": "DSA-2986",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2986"
},
{
"name": "59760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59760"
},
{
"name": "59591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-1544",
"datePublished": "2014-07-23T10:00:00",
"dateReserved": "2014-01-16T00:00:00",
"dateUpdated": "2024-08-06T09:42:36.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12384 (GCVE-0-2018-12384)
Vulnerability from cvelistv5
Published
2019-04-29 14:22
Modified
2024-08-05 08:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of Insufficiently Random Values
Summary
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384 | x_refsource_CONFIRM | |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NSS | Network Security Services (NSS) |
Version: All versions prior to NSS 3.39 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:31:00.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Security Services (NSS)",
"vendor": "NSS",
"versions": [
{
"status": "affected",
"version": "All versions prior to NSS 3.39"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When handling a SSLv2-compatible ClientHello request, the server doesn\u0027t generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:40:48",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Security Services (NSS)",
"version": {
"version_data": [
{
"version_value": "All versions prior to NSS 3.39"
}
]
}
}
]
},
"vendor_name": "NSS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When handling a SSLv2-compatible ClientHello request, the server doesn\u0027t generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-12384",
"datePublished": "2019-04-29T14:22:53",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-08-05T08:31:00.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11697 (GCVE-0-2017-11697)
Vulnerability from cvelistv5
Published
2017-12-27 19:00
Modified
2024-08-05 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100345 | vdb-entry, x_refsource_BID | |
| http://www.geeknik.net/9brdqk6xu | x_refsource_MISC | |
| http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Aug/17 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202003-37 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T22:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100345"
},
{
"name": "http://www.geeknik.net/9brdqk6xu",
"refsource": "MISC",
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"name": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11697",
"datePublished": "2017-12-27T19:00:00",
"dateReserved": "2017-07-27T00:00:00",
"dateUpdated": "2024-08-05T18:19:38.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1569 (GCVE-0-2014-1569)
Vulnerability from cvelistv5
Published
2014-12-15 17:27
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064670"
},
{
"name": "openSUSE-SU-2015:0138",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf"
},
{
"name": "1032909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "SUSE-SU-2015:0173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "SUSE-SU-2015:0171",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.imperialviolet.org/2014/09/26/pkcs1.html"
},
{
"name": "openSUSE-SU-2015:0404",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3186",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3186"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02"
},
{
"name": "SUSE-SU-2015:0180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function\u0027s improper handling of an arbitrary-length encoding of 0x00."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064670"
},
{
"name": "openSUSE-SU-2015:0138",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf"
},
{
"name": "1032909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "SUSE-SU-2015:0173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "SUSE-SU-2015:0171",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.imperialviolet.org/2014/09/26/pkcs1.html"
},
{
"name": "openSUSE-SU-2015:0404",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3186",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3186"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02"
},
{
"name": "SUSE-SU-2015:0180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function\u0027s improper handling of an arbitrary-length encoding of 0x00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064670",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064670"
},
{
"name": "openSUSE-SU-2015:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes"
},
{
"name": "http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf",
"refsource": "MISC",
"url": "http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf"
},
{
"name": "1032909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032909"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "SUSE-SU-2015:0173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "SUSE-SU-2015:0171",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"name": "https://www.imperialviolet.org/2014/09/26/pkcs1.html",
"refsource": "MISC",
"url": "https://www.imperialviolet.org/2014/09/26/pkcs1.html"
},
{
"name": "openSUSE-SU-2015:0404",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3186",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3186"
},
{
"name": "https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02",
"refsource": "MISC",
"url": "https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02"
},
{
"name": "SUSE-SU-2015:0180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-1569",
"datePublished": "2014-12-15T17:27:00",
"dateReserved": "2014-01-16T00:00:00",
"dateUpdated": "2024-08-06T09:42:36.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7502 (GCVE-0-2017-7502)
Vulnerability from cvelistv5
Published
2017-05-30 18:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1365 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1038579 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98744 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:1712 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
| https://hg.mozilla.org/projects/nss/rev/55ea60effd0d | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1364 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:1567 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3872 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NSS project | nss |
Version: since 3.24.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1365"
},
{
"name": "1038579",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038579"
},
{
"name": "98744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98744"
},
{
"name": "RHSA-2017:1712",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
},
{
"name": "RHSA-2017:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1364"
},
{
"name": "RHSA-2017:1567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"name": "DSA-3872",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nss",
"vendor": "NSS project",
"versions": [
{
"status": "affected",
"version": "since 3.24.0"
}
]
}
],
"datePublic": "2017-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:1365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1365"
},
{
"name": "1038579",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038579"
},
{
"name": "98744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98744"
},
{
"name": "RHSA-2017:1712",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
},
{
"name": "RHSA-2017:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1364"
},
{
"name": "RHSA-2017:1567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"name": "DSA-3872",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3872"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7502",
"datePublished": "2017-05-30T18:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5461 (GCVE-0-2017-5461)
Vulnerability from cvelistv5
Published
2017-05-11 01:00
Modified
2024-08-05 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds write in Base64 encoding in NSS
Summary
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Mozilla | Thunderbird |
Version: unspecified < 52.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:14.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201705-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"name": "98050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98050"
},
{
"name": "RHSA-2017:1103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1103"
},
{
"name": "DSA-3831",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3831"
},
{
"name": "RHSA-2017:1100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1100"
},
{
"name": "RHSA-2017:1102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1102"
},
{
"name": "RHSA-2017:1101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1101"
},
{
"name": "DSA-3872",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"name": "1038320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "52.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "53",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write in Base64 encoding in NSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:05",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "GLSA-201705-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"name": "98050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98050"
},
{
"name": "RHSA-2017:1103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1103"
},
{
"name": "DSA-3831",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3831"
},
{
"name": "RHSA-2017:1100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1100"
},
{
"name": "RHSA-2017:1102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1102"
},
{
"name": "RHSA-2017:1101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1101"
},
{
"name": "DSA-3872",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"name": "1038320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.9"
},
{
"version_affected": "\u003c",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write in Base64 encoding in NSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201705-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"name": "98050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98050"
},
{
"name": "RHSA-2017:1103",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1103"
},
{
"name": "DSA-3831",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3831"
},
{
"name": "RHSA-2017:1100",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1100"
},
{
"name": "RHSA-2017:1102",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1102"
},
{
"name": "RHSA-2017:1101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1101"
},
{
"name": "DSA-3872",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
},
{
"name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
},
{
"name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
},
{
"name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
},
{
"name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2017-5461",
"datePublished": "2017-05-11T01:00:00",
"dateReserved": "2017-01-13T00:00:00",
"dateUpdated": "2024-08-05T15:04:14.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1979 (GCVE-0-2016-1979)
Vulnerability from cvelistv5
Published
2016-03-13 18:00
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "84221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "84221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa124",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "84221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84221"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"name": "RHSA-2016:0684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-2973-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1979",
"datePublished": "2016-03-13T18:00:00",
"dateReserved": "2016-01-20T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7181 (GCVE-0-2015-7181)
Vulnerability from cvelistv5
Published
2015-11-05 02:00
Modified
2024-08-06 07:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:44.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3410",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"name": "SUSE-SU-2015:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"name": "openSUSE-SU-2015:2229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "USN-2791-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"name": "SUSE-SU-2015:1926",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "DSA-3393",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "77416",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77416"
},
{
"name": "openSUSE-SU-2015:2245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3410",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"name": "SUSE-SU-2015:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"name": "openSUSE-SU-2015:2229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "USN-2791-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"name": "SUSE-SU-2015:1926",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "DSA-3393",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "77416",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77416"
},
{
"name": "openSUSE-SU-2015:2245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-7181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1034069",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa119",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3410",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2015:1981",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"name": "openSUSE-SU-2015:2229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"name": "USN-2785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "USN-2791-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"name": "SUSE-SU-2015:1926",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1981",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"name": "USN-2819-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"name": "openSUSE-SU-2015:1942",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "RHSA-2015:1980",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"name": "DSA-3393",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"name": "77416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77416"
},
{
"name": "openSUSE-SU-2015:2245",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SSA:2015-310-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"name": "SUSE-SU-2015:1978",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-7181",
"datePublished": "2015-11-05T02:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:43:44.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0008 (GCVE-0-2007-0008)
Vulnerability from cvelistv5
Published
2007-02-26 20:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2007:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "24562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24562"
},
{
"name": "25597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25597"
},
{
"name": "GLSA-200703-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"name": "FEDORA-2007-278",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2709"
},
{
"name": "24703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24703"
},
{
"name": "24395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24395"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "FEDORA-2007-308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2747"
},
{
"name": "24328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24328"
},
{
"name": "RHSA-2007:0108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "24277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24277"
},
{
"name": "24252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24252"
},
{
"name": "SSA:2007-066-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"name": "24384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24384"
},
{
"name": "24406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24406"
},
{
"name": "24457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24457"
},
{
"name": "24253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24253"
},
{
"name": "MDKSA-2007:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364319"
},
{
"name": "24343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24343"
},
{
"name": "DSA-1336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-1165",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"name": "1017696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017696"
},
{
"name": "102945",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"name": "ADV-2007-0718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "FEDORA-2007-279",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2711"
},
{
"name": "FEDORA-2007-309",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2749"
},
{
"name": "GLSA-200703-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"name": "24650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24650"
},
{
"name": "USN-428-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "24320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24320"
},
{
"name": "25588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "SUSE-SA:2007:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "32105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32105"
},
{
"name": "SUSE-SA:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24293"
},
{
"name": "24238",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24238"
},
{
"name": "SSA:2007-066-04",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"name": "24456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"name": "24342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24342"
},
{
"name": "24287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24287"
},
{
"name": "24522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24522"
},
{
"name": "102856",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"name": "20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482"
},
{
"name": "VU#377812",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/377812"
},
{
"name": "22694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22694"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-0719",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"name": "nss-mastersecret-bo(32666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32666"
},
{
"name": "FEDORA-2007-281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2713"
},
{
"name": "USN-431-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"name": "RHSA-2007:0097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "FEDORA-2007-293",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2728"
},
{
"name": "20070301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "oval:org.mitre.oval:def:10502",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502"
},
{
"name": "24205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24205"
},
{
"name": "24389",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "24410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24410"
},
{
"name": "24333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24333"
},
{
"name": "ADV-2007-2141",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"name": "MDKSA-2007:050",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "24290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24290"
},
{
"name": "24455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24455"
},
{
"name": "RHSA-2007:0077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "20070202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "SSA:2007-066-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"name": "RHSA-2007:0079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2007:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "24562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24562"
},
{
"name": "25597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25597"
},
{
"name": "GLSA-200703-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"name": "FEDORA-2007-278",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2709"
},
{
"name": "24703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24703"
},
{
"name": "24395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24395"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "FEDORA-2007-308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2747"
},
{
"name": "24328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24328"
},
{
"name": "RHSA-2007:0108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "24277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24277"
},
{
"name": "24252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24252"
},
{
"name": "SSA:2007-066-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"name": "24384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24384"
},
{
"name": "24406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24406"
},
{
"name": "24457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24457"
},
{
"name": "24253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24253"
},
{
"name": "MDKSA-2007:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364319"
},
{
"name": "24343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24343"
},
{
"name": "DSA-1336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-1165",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"name": "1017696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017696"
},
{
"name": "102945",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"name": "ADV-2007-0718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "FEDORA-2007-279",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2711"
},
{
"name": "FEDORA-2007-309",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2749"
},
{
"name": "GLSA-200703-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"name": "24650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24650"
},
{
"name": "USN-428-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "24320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24320"
},
{
"name": "25588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "SUSE-SA:2007:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "32105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32105"
},
{
"name": "SUSE-SA:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24293"
},
{
"name": "24238",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24238"
},
{
"name": "SSA:2007-066-04",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"name": "24456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"name": "24342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24342"
},
{
"name": "24287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24287"
},
{
"name": "24522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24522"
},
{
"name": "102856",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"name": "20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482"
},
{
"name": "VU#377812",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/377812"
},
{
"name": "22694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22694"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-0719",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"name": "nss-mastersecret-bo(32666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32666"
},
{
"name": "FEDORA-2007-281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2713"
},
{
"name": "USN-431-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"name": "RHSA-2007:0097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "FEDORA-2007-293",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2728"
},
{
"name": "20070301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "oval:org.mitre.oval:def:10502",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502"
},
{
"name": "24205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24205"
},
{
"name": "24389",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "24410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24410"
},
{
"name": "24333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24333"
},
{
"name": "ADV-2007-2141",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"name": "MDKSA-2007:050",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "24290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24290"
},
{
"name": "24455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24455"
},
{
"name": "RHSA-2007:0077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "20070202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "SSA:2007-066-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"name": "RHSA-2007:0079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-0008",
"datePublished": "2007-02-26T20:00:00",
"dateReserved": "2006-12-19T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2409 (GCVE-0-2009-2409)
Vulnerability from cvelistv5
Published
2009-07-30 19:00
Modified
2024-08-07 05:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36139"
},
{
"name": "36157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36157"
},
{
"name": "MDVSA-2009:197",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"name": "MDVSA-2009:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"name": "DSA-1888",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1888"
},
{
"name": "oval:org.mitre.oval:def:8594",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
},
{
"name": "GLSA-200911-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "36434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36434"
},
{
"name": "GLSA-200912-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"name": "1022631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022631"
},
{
"name": "42467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42467"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "RHSA-2009:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"name": "36669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36669"
},
{
"name": "RHSA-2009:1432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name": "USN-810-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"name": "oval:org.mitre.oval:def:10763",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
},
{
"name": "MDVSA-2009:258",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
},
{
"name": "USN-810-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"name": "oval:org.mitre.oval:def:7155",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "ADV-2010-3126",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
},
{
"name": "oval:org.mitre.oval:def:6631",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "MDVSA-2010:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"name": "37386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37386"
},
{
"name": "ADV-2009-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"name": "DSA-1874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"name": "36739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36739"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "36139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36139"
},
{
"name": "36157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36157"
},
{
"name": "MDVSA-2009:197",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"name": "MDVSA-2009:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"name": "DSA-1888",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1888"
},
{
"name": "oval:org.mitre.oval:def:8594",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
},
{
"name": "GLSA-200911-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "36434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36434"
},
{
"name": "GLSA-200912-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"name": "1022631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022631"
},
{
"name": "42467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42467"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "RHSA-2009:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"name": "36669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36669"
},
{
"name": "RHSA-2009:1432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name": "USN-810-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"name": "oval:org.mitre.oval:def:10763",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
},
{
"name": "MDVSA-2009:258",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
},
{
"name": "USN-810-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"name": "oval:org.mitre.oval:def:7155",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "ADV-2010-3126",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
},
{
"name": "oval:org.mitre.oval:def:6631",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "MDVSA-2010:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"name": "37386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37386"
},
{
"name": "ADV-2009-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"name": "DSA-1874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"name": "36739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36739"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2409",
"datePublished": "2009-07-30T19:00:00",
"dateReserved": "2009-07-09T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25648 (GCVE-0-2020-25648)
Vulnerability from cvelistv5
Published
2020-10-20 00:00
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
},
{
"name": "FEDORA-2020-f29254bd5e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/"
},
{
"name": "FEDORA-2020-bb91bf9b8e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/"
},
{
"name": "FEDORA-2020-a857113c7a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20231028 [SECURITY] [DLA 3634-1] nss security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nss",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "nss versions before 3.58"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-28T16:06:14.476238",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
},
{
"name": "FEDORA-2020-f29254bd5e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/"
},
{
"name": "FEDORA-2020-bb91bf9b8e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/"
},
{
"name": "FEDORA-2020-a857113c7a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20231028 [SECURITY] [DLA 3634-1] nss security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25648",
"datePublished": "2020-10-20T00:00:00",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1620 (GCVE-0-2013-1620)
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "57777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "openSUSE-SU-2013:0630",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-1763-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1763-1"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "RHSA-2013:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2013:1144",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "openSUSE-SU-2013:0631",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "57777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "openSUSE-SU-2013:0630",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-1763-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1763-1"
},
{
"name": "GLSA-201406-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "RHSA-2013:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2013:1144",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "openSUSE-SU-2013:0631",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "57777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57777"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
"refsource": "MISC",
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "openSUSE-SU-2013:0630",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-1763-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1763-1"
},
{
"name": "GLSA-201406-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"name": "RHSA-2013:1135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2013:1144",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "openSUSE-SU-2013:0631",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1620",
"datePublished": "2013-02-08T19:00:00",
"dateReserved": "2013-02-05T00:00:00",
"dateUpdated": "2024-08-06T15:04:49.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0791 (GCVE-0-2013-0791)
Vulnerability from cvelistv5
Published
2013-04-03 10:00
Modified
2024-08-06 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:47.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "SUSE-SU-2013:0850",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"name": "USN-1791-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1791-1"
},
{
"name": "oval:org.mitre.oval:def:17150",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"
},
{
"name": "openSUSE-SU-2013:0630",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"name": "RHSA-2013:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"
},
{
"name": "58826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58826"
},
{
"name": "RHSA-2013:1144",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "openSUSE-SU-2013:0631",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"
},
{
"name": "SUSE-SU-2013:0645",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "SUSE-SU-2013:0850",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"name": "USN-1791-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1791-1"
},
{
"name": "oval:org.mitre.oval:def:17150",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"
},
{
"name": "openSUSE-SU-2013:0630",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"name": "RHSA-2013:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"
},
{
"name": "58826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58826"
},
{
"name": "RHSA-2013:1144",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "openSUSE-SU-2013:0631",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"
},
{
"name": "SUSE-SU-2013:0645",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-0791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "SUSE-SU-2013:0850",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"name": "USN-1791-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1791-1"
},
{
"name": "oval:org.mitre.oval:def:17150",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"
},
{
"name": "openSUSE-SU-2013:0630",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"name": "RHSA-2013:1135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"
},
{
"name": "58826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58826"
},
{
"name": "RHSA-2013:1144",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "openSUSE-SU-2013:0631",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"
},
{
"name": "SUSE-SU-2013:0645",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2013-0791",
"datePublished": "2013-04-03T10:00:00",
"dateReserved": "2013-01-02T00:00:00",
"dateUpdated": "2024-08-06T14:41:47.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0826 (GCVE-0-2004-0826)
Vulnerability from cvelistv5
Published
2004-09-02 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11015 | vdb-entry, x_refsource_BID | |
| http://xforce.iss.net/xforce/alerts/id/180 | third-party-advisory, x_refsource_ISS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16314 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109351293827731&w=2 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"name": "20040823 Netscape NSS Library Remote Compromise",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"name": "sslv2-client-hello-overflow(16314)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"name": "SSRT4779",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"name": "20040823 Netscape NSS Library Remote Compromise",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"name": "sslv2-client-hello-overflow(16314)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"name": "SSRT4779",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11015"
},
{
"name": "20040823 Netscape NSS Library Remote Compromise",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"name": "sslv2-client-hello-overflow(16314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"name": "SSRT4779",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0826",
"datePublished": "2004-09-02T04:00:00",
"dateReserved": "2004-08-27T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0009 (GCVE-0-2007-0009)
Vulnerability from cvelistv5
Published
2007-02-26 20:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2007:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "24562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24562"
},
{
"name": "25597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25597"
},
{
"name": "GLSA-200703-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"name": "FEDORA-2007-278",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2709"
},
{
"name": "24703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24703"
},
{
"name": "24395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24395"
},
{
"name": "20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "FEDORA-2007-308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2747"
},
{
"name": "RHSA-2007:0108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "24277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24277"
},
{
"name": "SSA:2007-066-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"name": "24384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24384"
},
{
"name": "24406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24406"
},
{
"name": "24457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24457"
},
{
"name": "24253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24253"
},
{
"name": "MDKSA-2007:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"name": "24343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24343"
},
{
"name": "DSA-1336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "VU#592796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/592796"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-1165",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"name": "1017696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017696"
},
{
"name": "102945",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"name": "ADV-2007-0718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "FEDORA-2007-279",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2711"
},
{
"name": "FEDORA-2007-309",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2749"
},
{
"name": "GLSA-200703-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"name": "24650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24650"
},
{
"name": "USN-428-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "25588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "SUSE-SA:2007:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "SUSE-SA:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24293"
},
{
"name": "SSA:2007-066-04",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"name": "24456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"name": "24342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24342"
},
{
"name": "24287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24287"
},
{
"name": "24522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24522"
},
{
"name": "102856",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-0719",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"name": "USN-431-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"name": "RHSA-2007:0097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "20070301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "oval:org.mitre.oval:def:10174",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"
},
{
"name": "24389",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "24410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24410"
},
{
"name": "32106",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32106"
},
{
"name": "24333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24333"
},
{
"name": "nss-clientmasterkey-bo(32663)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"
},
{
"name": "ADV-2007-2141",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"name": "MDKSA-2007:050",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "24290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24290"
},
{
"name": "24455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24455"
},
{
"name": "RHSA-2007:0077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "20070202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "SSA:2007-066-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"name": "RHSA-2007:0079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2007:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "24562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24562"
},
{
"name": "25597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25597"
},
{
"name": "GLSA-200703-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"name": "FEDORA-2007-278",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2709"
},
{
"name": "24703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24703"
},
{
"name": "24395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24395"
},
{
"name": "20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "FEDORA-2007-308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2747"
},
{
"name": "RHSA-2007:0108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "24277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24277"
},
{
"name": "SSA:2007-066-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"name": "24384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24384"
},
{
"name": "24406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24406"
},
{
"name": "24457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24457"
},
{
"name": "24253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24253"
},
{
"name": "MDKSA-2007:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"name": "24343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24343"
},
{
"name": "DSA-1336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "VU#592796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/592796"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-1165",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"name": "1017696",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017696"
},
{
"name": "102945",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"name": "ADV-2007-0718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "FEDORA-2007-279",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2711"
},
{
"name": "FEDORA-2007-309",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2749"
},
{
"name": "GLSA-200703-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"name": "24650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24650"
},
{
"name": "USN-428-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "25588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "SUSE-SA:2007:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "SUSE-SA:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24293"
},
{
"name": "SSA:2007-066-04",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"name": "24456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"name": "24342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24342"
},
{
"name": "24287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24287"
},
{
"name": "24522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24522"
},
{
"name": "102856",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ADV-2007-0719",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"name": "USN-431-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"name": "RHSA-2007:0097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "20070301-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "oval:org.mitre.oval:def:10174",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"
},
{
"name": "24389",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "24410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24410"
},
{
"name": "32106",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32106"
},
{
"name": "24333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24333"
},
{
"name": "nss-clientmasterkey-bo(32663)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"
},
{
"name": "ADV-2007-2141",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"name": "MDKSA-2007:050",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "24290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24290"
},
{
"name": "24455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24455"
},
{
"name": "RHSA-2007:0077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "20070202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "SSA:2007-066-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"name": "RHSA-2007:0079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-0009",
"datePublished": "2007-02-26T20:00:00",
"dateReserved": "2006-12-19T00:00:00",
"dateUpdated": "2024-08-07T12:03:36.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0441 (GCVE-0-2012-0441)
Vulnerability from cvelistv5
Published
2012-06-05 23:00
Modified
2024-08-06 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html"
},
{
"name": "49976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49976"
},
{
"name": "USN-1540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1540-2"
},
{
"name": "MDVSA-2012:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name": "oval:org.mitre.oval:def:16701",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073"
},
{
"name": "53798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53798"
},
{
"name": "DSA-2490",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2490"
},
{
"name": "SUSE-SU-2012:0746",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name": "openSUSE-SU-2012:0760",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name": "50316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50316"
},
{
"name": "USN-1540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1540-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html"
},
{
"name": "49976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49976"
},
{
"name": "USN-1540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1540-2"
},
{
"name": "MDVSA-2012:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name": "oval:org.mitre.oval:def:16701",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073"
},
{
"name": "53798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53798"
},
{
"name": "DSA-2490",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2490"
},
{
"name": "SUSE-SU-2012:0746",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name": "openSUSE-SU-2012:0760",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name": "50316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50316"
},
{
"name": "USN-1540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1540-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html"
},
{
"name": "49976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49976"
},
{
"name": "USN-1540-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1540-2"
},
{
"name": "MDVSA-2012:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name": "oval:org.mitre.oval:def:16701",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073"
},
{
"name": "53798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53798"
},
{
"name": "DSA-2490",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2490"
},
{
"name": "SUSE-SU-2012:0746",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name": "openSUSE-SU-2012:0760",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name": "50316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50316"
},
{
"name": "USN-1540-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1540-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0441",
"datePublished": "2012-06-05T23:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2730 (GCVE-0-2015-2730)
Vulnerability from cvelistv5
Published
2015-07-06 01:00
Modified
2024-08-06 05:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "83399",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83399"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "DSA-3336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"name": "75541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75541"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "RHSA-2015:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1699.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025"
},
{
"name": "RHSA-2015:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "1032783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "83399",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83399"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "DSA-3336",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"name": "75541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75541"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "RHSA-2015:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1699.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025"
},
{
"name": "RHSA-2015:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "1032783",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "83399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83399"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "DSA-3336",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"name": "75541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2672-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "RHSA-2015:1699",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1699.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
},
{
"name": "SUSE-SU-2015:1269",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025"
},
{
"name": "RHSA-2015:1664",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "1032783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2015-2730",
"datePublished": "2015-07-06T01:00:00",
"dateReserved": "2015-03-25T00:00:00",
"dateUpdated": "2024-08-06T05:24:38.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1491 (GCVE-0-2014-1491)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2119-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1029721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
},
{
"name": "openSUSE-SU-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "firefox-nss-cve20141491-unspecified(90886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
},
{
"name": "1029717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "65332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65332"
},
{
"name": "56922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
},
{
"name": "1029720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "DSA-2858",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2102-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "56888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "FEDORA-2014-2041",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2119-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1029721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
},
{
"name": "openSUSE-SU-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "firefox-nss-cve20141491-unspecified(90886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
},
{
"name": "1029717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "65332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65332"
},
{
"name": "56922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
},
{
"name": "1029720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "DSA-2858",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2102-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "56888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "FEDORA-2014-2041",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2119-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "1029721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029721"
},
{
"name": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8",
"refsource": "CONFIRM",
"url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
},
{
"name": "openSUSE-SU-2014:0212",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "firefox-nss-cve20141491-unspecified(90886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
},
{
"name": "1029717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029717"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "DSA-2994",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"name": "65332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65332"
},
{
"name": "56922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56922"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
},
{
"name": "1029720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56858"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "DSA-2858",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2102-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "56888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "FEDORA-2014-2041",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-1491",
"datePublished": "2014-02-06T02:00:00",
"dateReserved": "2014-01-16T00:00:00",
"dateUpdated": "2024-08-06T09:42:36.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1490 (GCVE-0-2014-1490)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:36.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2119-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "65335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65335"
},
{
"name": "1029721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"name": "openSUSE-SU-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "1029717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"name": "56922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56922"
},
{
"name": "56787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56787"
},
{
"name": "1029720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56858"
},
{
"name": "102876",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "DSA-2858",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2102-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "56888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "mozilla-nss-cve20141490-code-exec(90885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "FEDORA-2014-2041",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name": "56767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857"
},
{
"name": "56706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "USN-2119-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "65335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65335"
},
{
"name": "1029721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"name": "openSUSE-SU-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "1029717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"name": "56922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56922"
},
{
"name": "56787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56787"
},
{
"name": "1029720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56858"
},
{
"name": "102876",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "DSA-2858",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2102-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "56888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "mozilla-nss-cve20141490-code-exec(90885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "FEDORA-2014-2041",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name": "56767",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857"
},
{
"name": "56706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2119-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "65335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65335"
},
{
"name": "1029721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029721"
},
{
"name": "openSUSE-SU-2014:0212",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "1029717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029717"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "https://8pecxstudios.com/?page_id=44080",
"refsource": "CONFIRM",
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"name": "56922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56922"
},
{
"name": "56787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56787"
},
{
"name": "1029720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56858"
},
{
"name": "102876",
"refsource": "OSVDB",
"url": "http://osvdb.org/102876"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "DSA-2858",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2102-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "56888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "mozilla-nss-cve20141490-code-exec(90885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "FEDORA-2014-2041",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name": "56767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56767"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857"
},
{
"name": "56706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-1490",
"datePublished": "2014-02-06T02:00:00",
"dateReserved": "2014-01-16T00:00:00",
"dateUpdated": "2024-08-06T09:42:36.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7575 (GCVE-0-2015-7575)
Vulnerability from cvelistv5
Published
2016-01-09 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3457"
},
{
"name": "DSA-3491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3491"
},
{
"name": "openSUSE-SU-2016:0272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"name": "1036467",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036467"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "openSUSE-SU-2016:0279",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"name": "openSUSE-SU-2016:0161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "USN-2884-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2884-1"
},
{
"name": "79684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79684"
},
{
"name": "DSA-3465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3465"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"
},
{
"name": "RHSA-2016:0049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "openSUSE-SU-2016:0270",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"name": "openSUSE-SU-2016:0308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"name": "DSA-3437",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3437"
},
{
"name": "RHSA-2016:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"
},
{
"name": "USN-2904-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2904-1"
},
{
"name": "openSUSE-SU-2015:2405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160225-0001/"
},
{
"name": "SUSE-SU-2016:0269",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"name": "DSA-3436",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3436"
},
{
"name": "openSUSE-SU-2016:0263",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"name": "USN-2866-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2866-1"
},
{
"name": "SUSE-SU-2016:0256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"
},
{
"name": "RHSA-2016:0055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"
},
{
"name": "GLSA-201801-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-15"
},
{
"name": "RHSA-2016:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"
},
{
"name": "openSUSE-SU-2016:0488",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"
},
{
"name": "GLSA-201706-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-18"
},
{
"name": "USN-2864-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2864-1"
},
{
"name": "openSUSE-SU-2016:0162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"
},
{
"name": "openSUSE-SU-2016:0605",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"
},
{
"name": "RHSA-2016:0056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"
},
{
"name": "openSUSE-SU-2016:0268",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"name": "RHSA-2016:0050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"
},
{
"name": "DSA-3458",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3458"
},
{
"name": "SUSE-SU-2016:0265",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"name": "USN-2865-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2865-1"
},
{
"name": "1034541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034541"
},
{
"name": "openSUSE-SU-2016:0007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"
},
{
"name": "USN-2863-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2863-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-15T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3457"
},
{
"name": "DSA-3491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3491"
},
{
"name": "openSUSE-SU-2016:0272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"name": "1036467",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036467"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "openSUSE-SU-2016:0279",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"name": "openSUSE-SU-2016:0161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "USN-2884-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2884-1"
},
{
"name": "79684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79684"
},
{
"name": "DSA-3465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3465"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"
},
{
"name": "RHSA-2016:0049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "openSUSE-SU-2016:0270",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"name": "openSUSE-SU-2016:0308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"name": "DSA-3437",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3437"
},
{
"name": "RHSA-2016:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"
},
{
"name": "USN-2904-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2904-1"
},
{
"name": "openSUSE-SU-2015:2405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20160225-0001/"
},
{
"name": "SUSE-SU-2016:0269",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"name": "DSA-3436",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3436"
},
{
"name": "openSUSE-SU-2016:0263",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"name": "USN-2866-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2866-1"
},
{
"name": "SUSE-SU-2016:0256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"
},
{
"name": "RHSA-2016:0055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"
},
{
"name": "GLSA-201801-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-15"
},
{
"name": "RHSA-2016:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"
},
{
"name": "openSUSE-SU-2016:0488",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"
},
{
"name": "GLSA-201706-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-18"
},
{
"name": "USN-2864-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2864-1"
},
{
"name": "openSUSE-SU-2016:0162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"
},
{
"name": "openSUSE-SU-2016:0605",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"
},
{
"name": "RHSA-2016:0056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"
},
{
"name": "openSUSE-SU-2016:0268",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"name": "RHSA-2016:0050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"
},
{
"name": "DSA-3458",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3458"
},
{
"name": "SUSE-SU-2016:0265",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"name": "USN-2865-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2865-1"
},
{
"name": "1034541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034541"
},
{
"name": "openSUSE-SU-2016:0007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"
},
{
"name": "USN-2863-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2863-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7575",
"datePublished": "2016-01-09T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2408 (GCVE-0-2009-2408)
Vulnerability from cvelistv5
Published
2009-07-30 19:00
Modified
2024-08-07 05:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36139"
},
{
"name": "36157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36157"
},
{
"name": "1022632",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022632"
},
{
"name": "MDVSA-2009:197",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"name": "SUSE-SA:2009:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name": "MDVSA-2009:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "36434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36434"
},
{
"name": "36088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=7003"
},
{
"name": "RHSA-2009:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wired.com/threatlevel/2009/07/kaminsky/"
},
{
"name": "36669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36669"
},
{
"name": "56723",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56723"
},
{
"name": "RHSA-2009:1432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name": "USN-810-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"name": "oval:org.mitre.oval:def:10751",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751"
},
{
"name": "USN-810-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"name": "oval:org.mitre.oval:def:8458",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458"
},
{
"name": "1021030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "36125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36125"
},
{
"name": "37098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
},
{
"name": "ADV-2009-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"name": "DSA-1874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"name": "MDVSA-2009:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217"
},
{
"name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "36139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36139"
},
{
"name": "36157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36157"
},
{
"name": "1022632",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022632"
},
{
"name": "MDVSA-2009:197",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"name": "SUSE-SA:2009:048",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name": "MDVSA-2009:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "36434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36434"
},
{
"name": "36088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=7003"
},
{
"name": "RHSA-2009:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wired.com/threatlevel/2009/07/kaminsky/"
},
{
"name": "36669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36669"
},
{
"name": "56723",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56723"
},
{
"name": "RHSA-2009:1432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name": "USN-810-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"name": "oval:org.mitre.oval:def:10751",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751"
},
{
"name": "USN-810-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"name": "oval:org.mitre.oval:def:8458",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458"
},
{
"name": "1021030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "36125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36125"
},
{
"name": "37098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
},
{
"name": "ADV-2009-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"name": "DSA-1874",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"name": "MDVSA-2009:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217"
},
{
"name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2408",
"datePublished": "2009-07-30T19:00:00",
"dateReserved": "2009-07-09T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11698 (GCVE-0-2017-11698)
Vulnerability from cvelistv5
Published
2017-12-27 19:00
Modified
2024-08-05 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039153 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100345 | vdb-entry, x_refsource_BID | |
| http://www.geeknik.net/9brdqk6xu | x_refsource_MISC | |
| http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Aug/17 | mailing-list, x_refsource_FULLDISC | |
| https://security.gentoo.org/glsa/202003-37 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:37.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T22:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100345"
},
{
"name": "http://www.geeknik.net/9brdqk6xu",
"refsource": "MISC",
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"name": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name": "GLSA-202003-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11698",
"datePublished": "2017-12-27T19:00:00",
"dateReserved": "2017-07-27T00:00:00",
"dateUpdated": "2024-08-05T18:19:37.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-07-30 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | network_security_services | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * | |
| opensuse | opensuse | * | |
| suse | linux_enterprise | 10.0 | |
| suse | linux_enterprise | 11.0 | |
| suse | linux_enterprise_server | 9 | |
| debian | debian_linux | 5.0 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "311A4763-8018-4394-946D-C75220572EA5",
"versionEndExcluding": "3.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A21F310D-7D9F-45D7-974D-C615F99FBEB8",
"versionEndExcluding": "3.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "336E3C0C-0197-40FD-AD68-C13C518858C8",
"versionEndExcluding": "1.1.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C213A6FE-549A-4B85-BCBE-11CAF63A376C",
"versionEndExcluding": "2.0.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF141FBE-4CA5-4695-94A0-8BE1309D28CC",
"versionEndIncluding": "11.1",
"versionStartIncluding": "10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AED08A6F-CD23-4405-B1CF-C96BB8AE7D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1608E282-2E96-4447-848D-DBE915DB0EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5."
},
{
"lang": "es",
"value": "Mozilla Firefox anterior a v3.5 y NSS anterior a v3.12.3 no tratan apropiadamente un car\u00e1cter \u0027\\0\u0027 en un nombre de dominio en el campo nombre com\u00fan (CN) del asunto de un certificado X.509, que permite a un atacante de hombre-en-el-medio suplantar servidores SSL arbitrarios a trav\u00e9s de un certificado manipulado por una autoridad de certificaci\u00f3n."
}
],
"id": "CVE-2009-2408",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-07-30T19:30:00.313",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://isc.sans.org/diary.html?storyid=7003"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/56723"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36088"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36125"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36139"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36157"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36434"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36669"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37098"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022632"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage"
],
"url": "http://www.wired.com/threatlevel/2009/07/kaminsky/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://isc.sans.org/diary.html?storyid=7003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/56723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "http://www.wired.com/threatlevel/2009/07/kaminsky/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/810-2/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF36FE92-B3FB-4ABB-82C4-E18CF98D1A58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n alloc_segs en lib/dbm/src/hash.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado."
}
],
"id": "CVE-2017-11695",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T19:29:00.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 03:56
Severity ?
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B93092E8-AB81-499E-A4DC-327E6D587CA5",
"versionEndExcluding": "3.36.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62F5DA72-5D31-47E7-9BC8-5CCADC75C3F1",
"versionEndExcluding": "3.41.1",
"versionStartIncluding": "3.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
},
{
"lang": "es",
"value": "En Network Security Services (NSS) versiones anteriores a 3.36.7 y versiones anteriores a 3.41.1, una firma malformada puede causar un bloqueo debido a una desreferencia de null, resultando en una Denegaci\u00f3n de Servicio"
}
],
"id": "CVE-2018-18508",
"lastModified": "2024-11-21T03:56:04.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-22T21:15:12.467",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-16 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.2 | |
| mozilla | network_security_services | 3.2.1 | |
| mozilla | network_security_services | 3.3 | |
| mozilla | network_security_services | 3.3.1 | |
| mozilla | network_security_services | 3.3.2 | |
| mozilla | network_security_services | 3.4 | |
| mozilla | network_security_services | 3.4.1 | |
| mozilla | network_security_services | 3.4.2 | |
| mozilla | network_security_services | 3.5 | |
| mozilla | network_security_services | 3.6 | |
| mozilla | network_security_services | 3.6.1 | |
| mozilla | network_security_services | 3.7 | |
| mozilla | network_security_services | 3.7.1 | |
| mozilla | network_security_services | 3.7.2 | |
| mozilla | network_security_services | 3.7.3 | |
| mozilla | network_security_services | 3.7.5 | |
| mozilla | network_security_services | 3.7.7 | |
| mozilla | network_security_services | 3.8 | |
| mozilla | network_security_services | 3.9 | |
| mozilla | network_security_services | 3.11.2 | |
| mozilla | network_security_services | 3.11.3 | |
| mozilla | network_security_services | 3.11.4 | |
| mozilla | network_security_services | 3.11.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Mozilla Network Security Services (NSS) v3.x, con ciertos ajustes de la opci\u00f3n SSL_ENABLE_RENEGOTIATION, no restringen adecuadamente la renegociaci\u00f3n iniciada por el cliente dentro de los protocolos SSL y TLS, lo que podr\u00eda hacer m\u00e1s f\u00e1cil para los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) mediante la realizaci\u00f3n de las renegociaciones de muchos dentro de una sola conexi\u00f3n, una vulnerabilidad diferente a CVE-2011-1473. NOTA: tambi\u00e9n se puede argumentar que es la responsabilidad de las implementaciones de servidores, no una biblioteca de seguridad, para prevenir o limitar la renegociaci\u00f3n cuando es inapropiado dentro de un entorno espec\u00edfico."
}
],
"id": "CVE-2011-5094",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-16T21:55:02.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"source": "cve@mitre.org",
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-01 13:29
Modified
2024-11-21 02:59
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-2779.html | Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/94346 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201701-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2779.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94346 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-46 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F67129F-68B8-4D18-A4FE-E7936943F767",
"versionEndIncluding": "3.21.4",
"versionStartIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group."
},
{
"lang": "es",
"value": "Se ha descubierto que el manejo del intercambio de claves de cliente Diffie Hellman en NSS 3.21.x era vulnerable a un ataque de confinamiento de subgrupo peque\u00f1o. Un atacante podr\u00eda emplear este error para recuperar claves privadas confinando la clave DH del cliente en un subgrupo peque\u00f1o del grupo deseado."
}
],
"id": "CVE-2016-8635",
"lastModified": "2024-11-21T02:59:43.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-01T13:29:00.217",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94346"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-46"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-358"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-320"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-11 21:29
Modified
2024-11-21 03:27
Severity ?
Summary
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| mozilla | firefox | * | |
| mozilla | firefox | 52.0 | |
| mozilla | firefox_esr | * | |
| mozilla | network_security_services | * | |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FECC93-8DC3-41D0-8E53-45E1F4D53321",
"versionEndExcluding": "53.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C00F05B-5B10-401D-8C5E-517FAF7BCFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58F03A98-1317-4A15-BAB3-AC045AA9AAE9",
"versionEndExcluding": "45.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C04620-45D6-4375-A21E-FA5B220BFB4A",
"versionEndExcluding": "3.28.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "762A750E-2FFF-48F5-941A-99ED9FC2549B",
"versionEndExcluding": "52.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53."
},
{
"lang": "es",
"value": "Error en la generaci\u00f3n de n\u00fameros DRBG en la biblioteca Network Security Services (NSS) cuando el V de estado interno no transporta bits correctamente. La biblioteca NSS ha sido actualizada para solucionar este problema y Firefox ESR 52.1 ha sido actualizado con la versi\u00f3n 3.28.4 de NSS. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 53."
}
],
"id": "CVE-2017-5462",
"lastModified": "2024-11-21T03:27:40.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-11T21:29:07.093",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97940"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3872"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-14 17:15
Modified
2024-11-21 07:19
Severity ?
Summary
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 | Issue Tracking, Patch, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2134331 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202212-05 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2134331 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202212-05 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02C234-DBC0-43EE-9E43-EA689C30E9D6",
"versionEndExcluding": "3.87",
"versionStartIncluding": "3.77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash."
},
{
"lang": "es",
"value": "Una vulnerabilidad encontrada en nss. Por esta vulnerabilidad de seguridad, el cliente nss es bloqueado sin un certificado de usuario en la base de datos y esto puede conllevar a un fallo de segmentaci\u00f3n o un bloqueo"
}
],
"id": "CVE-2022-3479",
"lastModified": "2024-11-21T07:19:37.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-14T17:15:15.463",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1774654"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1774654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-05"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-13 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| mozilla | network_security_services | * | |
| mozilla | firefox | * | |
| novell | suse_linux_enterprise_software_development_kit | 12.0 | |
| novell | suse_linux_enterprise_software_development_kit | 12.0 | |
| novell | suse_linux_enterprise_desktop | 12.0 | |
| novell | suse_linux_enterprise_desktop | 12.0 | |
| novell | suse_linux_enterprise_server | 12.0 | |
| novell | suse_linux_enterprise_server | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "076DC0ED-AADF-4694-A6B7-ABE8F7A13B7A",
"versionEndIncluding": "3.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4FEA4B-E29B-485B-BD1C-F1400DF6D1E3",
"versionEndIncluding": "46.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6359EF76-9371-4418-8694-B604CF02CF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "81D94366-47D6-445A-A811-39327B150FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) en versiones anteriores a3.23, tal como se utiliza en Mozilla Firefox en versiones anteriores a 47.0, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-2834",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-13T10:59:15.167",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/91072"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1036057"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2993-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-3029-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2993-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3029-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-13 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.19.2 | |
| mozilla | network_security_services | 3.20 | |
| mozilla | network_security_services | 3.20.1 | |
| mozilla | network_security_services | 3.21 | |
| mozilla | firefox | * | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox | 38.0.1 | |
| mozilla | firefox | 38.0.5 | |
| mozilla | firefox | 38.1.0 | |
| mozilla | firefox | 38.1.1 | |
| mozilla | firefox | 38.2.0 | |
| mozilla | firefox | 38.2.1 | |
| mozilla | firefox | 38.3.0 | |
| mozilla | firefox | 38.4.0 | |
| mozilla | firefox | 38.5.0 | |
| mozilla | firefox | 38.5.1 | |
| mozilla | firefox | 38.6.0 | |
| mozilla | firefox | 38.6.1 | |
| oracle | linux | 5.0 | |
| oracle | linux | 6 | |
| oracle | linux | 7 | |
| oracle | vm_server | 3.2 | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| oracle | glassfish_server | 2.1.1 | |
| oracle | iplanet_web_proxy_server | 4.0 | |
| oracle | iplanet_web_server | 7.0 | |
| oracle | linux | 5.0 | |
| oracle | linux | 6 | |
| oracle | linux | 7 | |
| opensuse | opensuse | 13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "052B697D-EF07-43AD-A2FF-4A2CCE3540A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5648F313-022B-45A7-8C65-C757A28D3886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED6B6EF-D19A-474B-893E-6A0C5BCF0356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9E67E8-CD01-4E19-9003-7E31A0942DB4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE",
"versionEndIncluding": "44.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2765E663-C9CF-476A-B7A8-6F02D0E2D72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B4E871-0ACB-4EC5-8392-EAD0DF25E64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "435D6EF5-C879-4121-9D47-EF2236E53409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5963D11-D2F4-40A7-81CE-E034C91FCCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB022A7-B792-4AC0-B2CF-AF6F384AE719",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237",
"versionEndIncluding": "9.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
"versionEndIncluding": "10.11.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A",
"versionEndIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F",
"versionEndIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9E3545-A799-427A-8FE4-1E8231A7A284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A972CA67-3909-4E9A-B8FC-7AAE5126528A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate."
},
{
"lang": "es",
"value": "El desbordamiento de buffer basado en memoria din\u00e1mica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos ASN.1 manipulados en un certificado X.509.\""
}
],
"id": "CVE-2016-1950",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-13T18:59:00.193",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/84223"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2924-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206166"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206168"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2924-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206169"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-25 13:25
Modified
2025-04-12 10:46
Severity ?
Summary
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "204AD77A-1AE4-4B3D-AEBB-ED8A36F3669F",
"versionEndIncluding": "3.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD0792F-A78A-420B-8069-67920BC5DEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A05D7AA9-8EA2-4063-B853-FE1E3CA85B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "473B6DB5-D433-4B1C-9F0D-8260A143D437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87CDFCB-B9FF-49F4-88BA-49D14E6FA8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D4DE8E-7184-4A6B-87EA-A0B116EA0155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
},
{
"lang": "es",
"value": "La funci\u00f3n cert_TestHostName en lib/certdb/certdb.c en la implementaci\u00f3n de comprobaci\u00f3n de certificado en Mozilla Network Security Services (NSS) anterior a 3.16 acepta un car\u00e1cter comod\u00edn que est\u00e1 embebido en U-label de un nombre de dominio internacionalizado, lo que podr\u00eda permitir a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2014-1492",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-25T13:25:38.493",
"references": [
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/59866"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60621"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60794"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "security@mozilla.org",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/66356"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2159-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2159-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-11 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| mozilla | network_security_services | * | |
| mozilla | network_security_services | * | |
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10B03F76-10F8-436D-93FC-E031766157B6",
"versionEndExcluding": "3.21.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35AB5F66-C087-4C44-81C9-C153C69C57E5",
"versionEndExcluding": "3.28.4",
"versionStartExcluding": "3.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBCF5DE-F055-463F-BB92-7ECD14E18BC6",
"versionEndExcluding": "3.29.5",
"versionStartIncluding": "3.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5514E06-CE37-41E6-AD9E-19396DBB9702",
"versionEndExcluding": "3.30.1",
"versionStartIncluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations."
},
{
"lang": "es",
"value": "Los servicios de Seguridad de Red de Mozilla (Network Security Services o NSS) en versiones anteriores a la 3.21.4, versiones de las 3.22.x a las 3.28.x anteriores a la 3.28.4, versiones 3.29.x anteriores a la 3.29.5 y versiones 3.30.x anteriores a la 3.30.1 permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) o que, probablemente, causen otro impacto no especificado aprovechando operaciones en base64 incorrectas."
}
],
"id": "CVE-2017-5461",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-11T01:29:05.807",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2017/dsa-3831"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98050"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1100"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1101"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1102"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1103"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
},
{
"source": "security@mozilla.org",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2017/dsa-3831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-15 18:07
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | network_security_services | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "553BE4FA-523B-4AED-90D4-6FFCFD91E4F8",
"versionEndIncluding": "1.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F61D6DE3-BD82-4A09-9537-806FAEEA8FB5",
"versionEndIncluding": "3.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCE4360-4064-47F8-B4B1-12D15D31BE13",
"versionEndIncluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C246DC3-0BAF-4FE2-B160-EE223E8F3CD2",
"versionEndIncluding": "1.5.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
},
{
"lang": "es",
"value": "La librer\u00eda Mozilla Network Security Service (NSS) anterior a 3.11.3, usada en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior a 1.5.0.7, y SeaMonkey anterior a 1.0.5, cuando se usa una llave RSA con exponente 3, no maneja correctamente los datos en una firma, lo que permite a atacantes remotos falsificar firmas para SSL/TLS y certificados de correo electr\u00f3nico; una vulnerabilidad muy similar a la CVE-2006-4339. NOTA: el 7/11/2006, Mozilla public\u00f3 un aviso afirmando que estas versiones no estaban completamente parcheadas por MFSA2006-60. Las nuevas correcciones para 1.5.0.7 se tratan en CVE-2006-5462."
}
],
"id": "CVE-2006-4340",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-15T18:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21903"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21906"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21915"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21916"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21939"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21940"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21949"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21950"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22001"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22025"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22036"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22055"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22056"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22074"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22088"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22195"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22210"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22226"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22247"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22274"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22299"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22422"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22446"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22849"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22992"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23883"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24711"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016858"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016859"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016860"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2006/dsa-1192"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2006/dsa-1210"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"source": "secalert@redhat.com",
"url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.us.debian.org/security/2006/dsa-1191"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3622"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "secalert@redhat.com",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "secalert@redhat.com",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us.debian.org/security/2006/dsa-1191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-05 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39EA735D-20A8-4595-BFF8-7B1F5A32CDA2",
"versionEndIncluding": "3.19.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95762E75-6DEC-4B1C-87B4-A4EA1937B710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1",
"versionEndIncluding": "41.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue."
},
{
"lang": "es",
"value": "La funci\u00f3n sec_asn1d_parse_leaf en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, restringe el acceso de manera incorrecta a una estructura de datos no especificada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos OCTET STRING manipulados, relacionado con un problema \u0027use-after-poison\u0027."
}
],
"id": "CVE-2015-7181",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-05T05:59:05.603",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"source": "security@mozilla.org",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/77416"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"source": "security@mozilla.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-30 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.24.0 | |
| mozilla | network_security_services | 3.25.0 | |
| mozilla | network_security_services | 3.25.1 | |
| mozilla | network_security_services | 3.26.0 | |
| mozilla | network_security_services | 3.26.2 | |
| mozilla | network_security_services | 3.27.0 | |
| mozilla | network_security_services | 3.27.1 | |
| mozilla | network_security_services | 3.27.2 | |
| mozilla | network_security_services | 3.28.0 | |
| mozilla | network_security_services | 3.28.1 | |
| mozilla | network_security_services | 3.28.2 | |
| mozilla | network_security_services | 3.28.3 | |
| mozilla | network_security_services | 3.29.0 | |
| mozilla | network_security_services | 3.29.1 | |
| mozilla | network_security_services | 3.29.2 | |
| mozilla | network_security_services | 3.29.3 | |
| mozilla | network_security_services | 3.30.0 | |
| mozilla | network_security_services | 3.30.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "630172B3-35C0-4F6F-9314-B373479B5031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B57208D-8174-44B9-853C-4F7F2421AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A628134E-1542-4A48-8615-7A0162598720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D03667-90A8-4277-8C5E-E2601EF6DAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F15238C6-62BA-40F8-9362-F0B7FAF38915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDD2D7F-CB2A-47EF-886C-BA243E332C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04F1B087-FE60-4B95-9BCF-F5BAA8CEE3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5404F24C-F227-4F93-9036-D809CF29B6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "199BCC71-C530-4BB7-9E25-C1119A6E5F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF88310-4B46-497F-9519-A1FFFF31D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1133B63-F6A0-4A56-B544-828B751D728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.28.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C92CFFB1-A4E0-49C2-84F4-784E10E5EBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A539983F-E03E-44F7-92FE-5D18ACEB9872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.29.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2C10A9-B0C5-41CF-98A2-C127E98F8CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.29.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB24400-3E42-45B3-AC58-62638E419141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.29.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54E14F84-F751-455E-ADE8-BDABD146B31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A69F1814-1D94-47AB-AD50-2B1F042DCA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175E697B-FC1D-483B-9235-9162534FB093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en NSS desde la versi\u00f3n 3.24.0 en la que el servidor recibe mensajes SSLv2 vac\u00edos, lo que da lugar a una denegaci\u00f3n de servicio (DoS) por parte de atacantes remotos."
}
],
"id": "CVE-2017-7502",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-30T18:29:00.237",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98744"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1038579"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1364"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1365"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83C9B16A-F21D-475D-9B00-9B6E64FAB0F8",
"versionEndExcluding": "3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
},
{
"lang": "es",
"value": "En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptogr\u00e1ficas presentaban una falta de comprobaci\u00f3n de longitud.\u0026#xa0;En los casos en que la aplicaci\u00f3n que llama a la biblioteca no llev\u00f3 a cabo una comprobaci\u00f3n de saneo en las entradas, lo que podr\u00eda resultar en un bloqueo debido a un desbordamiento del b\u00fafer"
}
],
"id": "CVE-2019-17006",
"lastModified": "2024-11-21T04:31:31.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-22T21:15:12.560",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-13 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11233031-7034-4B56-8D8A-FCBD100B26F3",
"versionEndIncluding": "43.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92954403-582A-4A55-B45C-64CADCF40909",
"versionEndIncluding": "3.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en la funci\u00f3n ssl3_HandleECDHServerKeyExchange en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21, como se utiliza en Mozilla Firefox en versiones anteriores a 44.0, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado llevando a cabo un apret\u00f3n de manos SSL (1) DHE o (2) ECDHE en un momento de alto consumo de memoria."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2016-1978",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-13T18:59:27.287",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/84275"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1035258"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-21 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F16DD0-B15A-4B29-B68A-D6ABA0BF9623",
"versionEndIncluding": "1.0.1m",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B99FE0-EFEF-4C34-9790-A14504D701C5",
"versionEndIncluding": "1.0.2a",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D0AB50-9195-4B1B-BB76-00F0A34C9389",
"versionEndIncluding": "1.0.1m",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
"matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*",
"matchCriteriaId": "EB672C2E-8ABF-40CD-97DA-28D939DE4C63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "228C7B8D-18EE-444A-8067-6C222844FB8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*",
"matchCriteriaId": "2755C397-75DF-4110-8C8A-05EFDFFF9BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*",
"matchCriteriaId": "D084DBE9-BF2F-4A9B-8FDE-A9A608E6B40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*",
"matchCriteriaId": "18FB6138-2B3D-4C4B-8647-3D1646165641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*",
"matchCriteriaId": "49B3533A-57B1-4EDA-9434-D75AE837F2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*",
"matchCriteriaId": "914D54AC-EAAE-4A01-BA88-7F245BDA47C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*",
"matchCriteriaId": "33DD9C2A-9C6E-407B-8110-2EC7906DE036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*",
"matchCriteriaId": "88FA3ACA-B2FC-4D9C-B67E-35272514FB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*",
"matchCriteriaId": "17B87292-EDBB-4D5A-8874-7405F040FAA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*",
"matchCriteriaId": "366E2702-633C-4D4C-ACF8-4CBEC66719F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*",
"matchCriteriaId": "8CFE55B4-9A07-4E88-98AC-8345243AEF79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
"matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB31BE7C-CB6D-447E-AFF8-618998950FC5",
"versionEndIncluding": "8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68566BD8-D5DD-4747-9C9A-59154400EBFA",
"versionEndIncluding": "10.10.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C6809678-475F-4703-BC9E-31EC8CAD3A24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF",
"versionEndIncluding": "1121",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFDA34B4-65B4-41A5-AC22-667C8D8FF4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4545786D-3129-4D92-B218-F4A92428ED48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B692B58-6FB8-455F-86C0-35E0F216A736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FA389FFB-2289-4BFB-90A1-0E7EC42FFCEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*",
"matchCriteriaId": "DA79F816-D26E-4A0D-8CD8-994EBB42C822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1C87BCC3-0315-4B3C-BFCD-1E218B475251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C00748D-ECFC-4ACA-964B-92330FE7B0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E50128DD-9997-49E6-A47E-6A0B7959B3AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."
},
{
"lang": "es",
"value": "El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT est\u00e1 habilitada en un servidor pero no en un cliente, no transporta una elecci\u00f3n DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradaci\u00f3n del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, tambi\u00e9n conocido como el problema \u0027Logjam\u0027."
}
],
"id": "CVE-2015-4000",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-05-21T00:59:00.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.citrix.com/article/CTX201114"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74733"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032474"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032475"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032476"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032637"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032645"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032647"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032648"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032649"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032650"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032651"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032652"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032654"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032655"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032656"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032688"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032699"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032702"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032727"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032759"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032777"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032778"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032856"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032864"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032865"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032871"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032884"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032932"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032960"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033019"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033064"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033065"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033067"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033208"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033209"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033210"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033222"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033341"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033385"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033416"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033430"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033433"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033513"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033760"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033891"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033991"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034087"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034728"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034884"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036218"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040630"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://weakdh.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.citrix.com/article/CTX201114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://weakdh.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-29 15:29
Modified
2024-11-21 03:45
Severity ?
Summary
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAFED9E-E2C8-4F07-B9C8-E9D37436AAAA",
"versionEndExcluding": "3.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When handling a SSLv2-compatible ClientHello request, the server doesn\u0027t generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3."
},
{
"lang": "es",
"value": "Cuando se maneja una petici\u00f3n ClientHello compatible con SSLv2, el servidor no genera un nuevo valor aleatorio, sino que env\u00eda un valor All-Zero en su lugar. Esto conlleva a una maleabilidad completa del ClientHello para SSLv2 usado para TLS 1.2 en todas las versiones anteriores a NSS 3.39. Esto no afecta a TLS 1.3."
}
],
"id": "CVE-2018-12384",
"lastModified": "2024-11-21T03:45:06.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-29T15:29:00.247",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384"
},
{
"source": "security@mozilla.org",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-335"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 05:23
Modified
2025-04-11 00:51
Severity ?
Summary
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.15 | |
| mozilla | network_security_services | 3.15.1 | |
| mozilla | network_security_services | 3.15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate."
},
{
"lang": "es",
"value": "La funci\u00f3n CERT_VerifyCert en lib / certhigh / certvfy.c de Servicios de Seguridad de Mozilla red (NSS) 3.15 antes de 3 3.15 proporciona un valor inesperado de retorno para un certificado de clave-uso incompatible cuando el argumento CERTVerifyLog es v\u00e1lido, lo que podr\u00eda permitir a atacantes remotos evitar restricciones de acceso destinados a trav\u00e9s de un certificado manipulado"
}
],
"id": "CVE-2013-5606",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-18T05:23:57.660",
"references": [
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "security@mozilla.org",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/63737"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910438"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF36FE92-B3FB-4ABB-82C4-E18CF98D1A58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file."
},
{
"lang": "es",
"value": "La funci\u00f3n __hash_open en hash.c:229 en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen una denegaci\u00f3n de servicio (excepci\u00f3n de punto flotante y cierre inesperado) mediante un archivo cert8.db manipulado."
}
],
"id": "CVE-2017-11697",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T19:29:00.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 05:23
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.15 | |
| mozilla | network_security_services | 3.15.1 | |
| mozilla | network_security_services | 3.15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en Mozilla Network Security Services (NSS) 3.15.3 anterior 3.15 que permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de un valor de gran tama\u00f1o."
}
],
"id": "CVE-2013-1741",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-18T05:23:57.427",
"references": [
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "security@mozilla.org",
"url": "http://support.apple.com/kb/HT204941"
},
{
"source": "security@mozilla.org",
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "security@mozilla.org",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/63736"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925100"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT204941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-06 02:01
Modified
2025-04-12 10:46
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux_enterprise_software_development_kit | 12.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| novell | suse_linux_enterprise_desktop | 12.0 | |
| novell | suse_linux_enterprise_server | 11 | |
| novell | suse_linux_enterprise_server | 12.0 | |
| mozilla | network_security_services | * | |
| mozilla | firefox | * | |
| mozilla | firefox | 31.0 | |
| mozilla | firefox | 31.1.0 | |
| mozilla | firefox | 31.1.1 | |
| mozilla | firefox | 31.3.0 | |
| mozilla | firefox | 31.5.1 | |
| mozilla | firefox | 31.5.2 | |
| mozilla | firefox | 31.5.3 | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox_esr | 31.1 | |
| mozilla | firefox_esr | 31.2 | |
| mozilla | firefox_esr | 31.3 | |
| mozilla | firefox_esr | 31.4 | |
| mozilla | firefox_esr | 31.5 | |
| mozilla | firefox_esr | 31.6.0 | |
| mozilla | firefox_esr | 31.7.0 | |
| oracle | solaris | 11.3 | |
| oracle | vm_server | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "095856BE-4E55-4FEA-BCAC-352C29083545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B27994-833C-491D-8B36-BB57C6EE5B9C",
"versionEndIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639EAD72-0505-4B4E-8693-9E653A30A334",
"versionEndIncluding": "38.1.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E5D043-71F8-4A61-BEA4-176153E26FD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51CBE0A9-1D05-4F88-B5B5-1592D4A4687E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "902BF23B-C1B9-41F2-BF5D-C1722C3DBFFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60521E93-3495-40F7-AA72-EE531F8FA09D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7AAC77-57A3-4747-B760-0EE3CD53E4DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*",
"matchCriteriaId": "697EA344-F982-4E9F-9EC8-CCCB5829582B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61304847-1DC8-442C-8194-28E52B3C1293",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF9724E-93B2-4BC7-8181-6D9521A6CC37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAF8682-9B5E-4DE7-AEB0-71D5E4E6E01C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA9780-4512-4B76-BDBB-BB702535ECBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros productos, no realiza correctamente las multiplicaciones Elliptical Curve Cryptography (ECC), lo que facilita a atacantes remotos falsificar firmas ECDSA a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-2730",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-06T02:01:01.250",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1699.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/83399"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1699.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-10"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-13 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE",
"versionEndIncluding": "44.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F572BBBC-FCAC-496F-B46F-5185EF20C603",
"versionEndIncluding": "3.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en la funci\u00f3n PK11_ImportDERPrivateKeyInfoAndReturnKey en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21.1, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de datos de clave manipulados con codificado DER."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2016-1979",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-13T18:59:28.163",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/84221"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_server:1.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "72E930EF-CCEC-44EA-AA45-18644EFDA5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_server:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "506D842B-339C-452A-A229-C6B59B0E038D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:1.3:patch5:*:*:*:*:*:*",
"matchCriteriaId": "1CD1E4C9-BFF1-4818-A1B8-ECD7B54C8B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "492922BE-3B31-486C-94B5-114089E51E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70E0FF18-9B01-4500-9599-8F085655C388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE69D422-E6FF-40F5-BC73-73BE3A042DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "39B65825-FE48-4938-A04F-12740611681B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE13D7D-2171-44F3-84D3-4CFD024AA3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5E0298-99D9-476D-A7DF-36C6207482DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:2.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0069EE-831B-4E6D-9AF9-71EFC9EED509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "5234109F-AD90-4324-AA03-C5DE007D32F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7B9FDA-DC62-4EC9-9120-A7E6795C2815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60812728-EC82-461E-BBDC-C5B4C1BF79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D94D2CA3-9868-4F27-B31D-D3EDC256BE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.7a:*:netware:*:*:*:*:*",
"matchCriteriaId": "75FFC8CC-AB53-40CD-B6DF-C8CC17320FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0l:*:*:*:*:*:*:*",
"matchCriteriaId": "89FAF40A-00F0-48BA-BEE7-4722C82DC54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6280F25-3BC7-4701-914A-9ADC35A1A73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2CB845-D0E6-4B45-95A1-879BCCA037D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F18F9770-12E2-44D5-ABB6-EDFD2383BFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2CB1E6-63A1-42C5-889C-7EA83CB50543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34D42A9F-449C-4F4D-B610-538BF133F744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.5:*:solaris:*:*:*:*:*",
"matchCriteriaId": "5AECADB3-F1EC-4410-AECF-D2C08B18F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4147A43C-DA7B-4D08-90E9-72DE57B1D61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3577B789-DBB6-413D-B964-B32FE3E8CD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:solaris:*:*:*:*:*",
"matchCriteriaId": "FFBC4A27-818F-4B2C-818E-62FB43440DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1721BFD6-7914-4ADB-8205-38964C8FFDA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4EB62E6F-87E2-4A98-B4BD-3E0036CE7640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp3:*:*:*:*:*:*",
"matchCriteriaId": "418B500F-2A05-4419-997F-E04ECA2E3626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD208FC-AC17-45DF-9A5F-D8CDA6DB3A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4A29E0A5-9C1D-4CCF-AEEB-FF0B32B4201D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "0CE4230F-88A6-49DD-A05A-FCF4F2A5FF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "85FAD645-5AFB-4553-85DA-D25E0333A26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "0D98D58B-AE93-4471-81E0-FD0A4ED1AD51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "85C1DEB1-2628-45D4-9DB4-64A4CF9C89B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F331B4BD-1381-4011-B2D9-9CD9B73F976B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1.1:*:netware:*:*:*:*:*",
"matchCriteriaId": "B708CDB3-0BF9-4FE4-855F-DB6E1FE5A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:5.0:*:netware:*:*:*:*:*",
"matchCriteriaId": "DA8D4321-3683-460F-AFAA-1D31E9B16818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:personalization_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B348FC-6FEF-4682-BC25-82E726BFB64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8DFE4D-1FB6-41D7-AAB6-82400C6B4504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*",
"matchCriteriaId": "132976FA-A42E-4CC0-8C8F-9A034A046B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "EE5A4BC2-ED34-4968-881E-ED6AD300AC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*",
"matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*",
"matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E583F338-CF10-4FD5-8A86-A3CE46E863DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*",
"matchCriteriaId": "873034EA-B3C6-43E6-AE98-A04598D9A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*",
"matchCriteriaId": "AC90D2B4-4FBE-405A-BD17-F84A37DC914E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*",
"matchCriteriaId": "04366BB7-9F1D-4EC0-AE79-9603F71166C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CEA91AD-443D-4856-AC7A-3DDE0791134D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E66F55C3-F5BD-49A7-B561-ACD8D522225D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4493C646-DF4B-45C7-86F7-A71AC9B1CA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "689F0A9F-8F34-4958-B869-C4FB8BC02406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*",
"matchCriteriaId": "D73D159B-C3D8-4BBD-8BAA-E9E8D3AD3A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message."
}
],
"id": "CVE-2004-0826",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-06 05:44
Modified
2025-04-11 00:51
Severity ?
Summary
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | network_security_services | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * | |
| oracle | enterprise_manager_ops_center | * | |
| oracle | enterprise_manager_ops_center | 12.2.0 | |
| oracle | enterprise_manager_ops_center | 12.2.1 | |
| oracle | enterprise_manager_ops_center | 12.3.0 | |
| oracle | vm_server | 3.2 | |
| fedoraproject | fedora | 19 | |
| fedoraproject | fedora | 20 | |
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 12.3 | |
| opensuse | opensuse | 13.1 | |
| suse | linux_enterprise_desktop | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_software_development_kit | 11 | |
| debian | debian_linux | 7.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| canonical | ubuntu_linux | 13.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3B84A-9D1F-4863-987C-5C958B05C523",
"versionEndExcluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61098C94-A0E8-4993-8368-9E9900BAB49D",
"versionEndExcluding": "24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA8EEC7-FACD-41E8-AF9F-F8DB0D477D8C",
"versionEndExcluding": "3.15.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328319A6-42EE-408E-91A8-87156C17AE46",
"versionEndExcluding": "2.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4295262-F0E0-4E6B-A01C-C7BF51CB011E",
"versionEndExcluding": "24.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70BB445-EF2B-4C9D-8502-FDD6A19F8C30",
"versionEndExcluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4725EA61-9BAB-4E72-9F92-ADE4624439CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0879FB1-58E2-4EC4-8111-044642E046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CF2929-4CBC-4B56-87AE-F45F53BD8DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en libssl en Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3, SeaMonkey anterior a 2.24 y otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores que involucran una reanudaci\u00f3n de handshake que provoca un reemplazo incorrecto de un ticket de sesi\u00f3n."
}
],
"id": "CVE-2014-1490",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-06T05:44:25.097",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/102876"
},
{
"source": "security@mozilla.org",
"tags": [
"Not Applicable"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56706"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56767"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56787"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56858"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56888"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56922"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Not Applicable"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65335"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Not Applicable"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/102876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-05 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C69962C4-FA56-47F2-82A4-DFF4C19DAF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B7BC1684-3634-4585-B7E6-8C8777E1DA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "A490D040-EF74-45C2-89ED-D88ADD222712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "6CDA17D1-CD93-401E-860C-7C3291FEEB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "6F72FDE3-54E0-48E4-9015-1B8A36DB1EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4062C901-3828-415B-A6C3-EDD0E7B20C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CC0D8730-7034-4AD6-9B05-F8BAFB0145EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "857AFB05-F0C1-4061-9680-9561D68C908F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "EC37EBAF-C979-4ACC-ACA9-BDC2AECCB0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "80801CD8-EEAF-4BC4-9085-DCCC6CF73076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FAF4C78A-5093-4871-AF69-A8E8FD7E1AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "560AD4C7-89D2-4323-BBCC-A89EEB6832CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6B389CBC-4F6C-4C17-A87B-A6DD92703A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFBA043-91BC-4FB5-A34D-FCE1A9C65A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8901A808-66F1-4501-AFF6-6FBB22852855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B88D1373-6E41-4EF4-86A0-CE85EA3BF23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F42315C-35AF-4EDD-8B78-A9EDB9F85D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62147F86-C2E6-4D55-9C72-F8BB430F2F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4D1FFD-3AFE-4F52-BCBE-A56609B2D7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B2CD349-B9BF-4752-B7B9-665BF718EDB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11A8F675-A91F-4E41-AA2B-5214DF79C69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75B6A811-2B5A-484A-9878-C8E2C3E7633C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456769EF-8961-4038-A7D5-B980147159E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7439C998-E396-4EEC-9C21-E82D27459EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CD246C-1104-4DA1-9BFD-ED0B1FBA7EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D4D8C9-5A00-46FE-9E42-CB8C2D66B120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E639BCCB-A6BF-4174-BFAF-9674E65BA404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFC5947-3C3D-4484-8803-D6629C63B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A04BF0E2-0A40-4396-A46A-005D103D9E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C4C930-6EC1-469D-811C-E85490AB38C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEA6800-CBDB-497A-BBBE-1C40E8484A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF604D56-5D81-4276-88A1-AE321929E22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AB630A94-DA1F-4A7F-891D-E6F242C20271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3F637A-AF5B-41B8-AE42-CFB28FD05249",
"versionEndIncluding": "3.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65895B21-5140-4F99-9CD7-DD85E1D755DB",
"versionEndIncluding": "2.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4A97B6E1-EABA-4977-A3FC-64DF0392AA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CB01A97F-ACE1-4A99-8939-6DF8FE5B5E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22D33486-4956-4E2C-BA16-FA269A9D02BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "381313EF-DF84-4F66-9962-DE8F45029D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A0228476-14E4-443C-BBAE-2C9CD8594DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A803A500-DCE2-44FC-ABEB-A90A1D39D85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "022274DE-5251-49C9-B6E5-1D8CEDC34E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F84CB7-93F7-4912-BC87-497867B96491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "8992E9C6-09B3-492E-B7DA-899D5238EC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "D58B704B-F06E-44C1-BBD1-A090D1E6583A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40270FBD-744A-49D9-9FFA-1DCD897210D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20E01097-F60A-4FB2-BA47-84A267EE87D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F65732F-317B-49A2-B9B0-FA1102B8B45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB430F19-069A-43FD-9097-586D4449D327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6D7528-E591-48A6-8165-BE42F8EBF6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BA710423-0075-44B8-9DCB-6380FA974486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C5521DA3-E6AF-4350-B971-10B4A1C9B1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD15752-A253-47B1-BCE0-B55B84B47C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "60B39A9D-44A4-4D7F-9004-C44066BBE277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F203EC52-2126-4227-AF3B-23857E5BB222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E951567B-8402-42EA-AE33-EBA9235A868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "82A94198-7EBF-4D8A-A99A-A32A8561FF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1BFFBC58-ACD2-449D-B010-5026D6022F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "83EED5D2-EC40-4253-991B-0C746FBEF6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0F73092C-1458-4278-A30D-C0F89B1F82F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB559BD-4BF7-417F-962F-B8971FF1614B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7B528A25-003F-4614-B55B-AF46B66EDB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0078D890-6456-4F45-A3AE-B1A2BFAC6A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "69DD17EC-99EB-46C1-98E9-16A2EDB8E224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F35F7EA1-8C98-4A3E-8767-89DBC26A32B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF89719E-C415-45A3-A1CC-FAFDFCAE3055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB8E8A-84DE-43AA-B8F0-B585FB73D724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*",
"matchCriteriaId": "C19C0BF7-390D-4E2E-BA32-28DFF73C55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*",
"matchCriteriaId": "5FE5E50C-80ED-4CA7-BC85-8BD2E324D527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*",
"matchCriteriaId": "FEBF912C-A12E-4DBD-84AC-8B440E190BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "9B8EDED6-29EF-4A9F-955D-F5E6611C2141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "EDC9C82D-586A-48F4-B540-1E2AE79806B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51FCF83B-630A-4413-BFAA-0C24A6B8F4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84B2AA0A-0220-49DD-82CD-37FDC563F146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D754AF10-1E43-46C8-A444-E7DB3401509D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34182167-F1DF-455B-BFDB-0A8491590479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ECA6CE-20D0-4A4F-B376-888A9328B044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEFCAB0-E57A-46E8-94C7-8510BB87C6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB5C972-AF7B-4EC7-BCE5-867CACCF5C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C68DBB31-7804-446E-9A53-073E4B74E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "31ADCC51-CE05-4EB6-BE8F-B64FD62946A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "387390AE-CF25-47ED-BD36-F42455DE1A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78D5F0AD-9974-40A1-942F-0F03A278DAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2C388E6F-148E-4EA5-8D82-7778398122BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FEB21-60B1-4303-BE19-576CC93B940C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "37F07875-FB5E-4B13-9798-BF9AEBD8A2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87FD9961-DA1C-4846-A779-A836C07B98A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A40438F-0CF1-4A3E-BAC7-199D72901B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EB46CA-D5DD-4FA8-A234-21C938620F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "635FCE4C-2D15-4FB2-8917-D176B1539024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "E59E74C2-38F2-4B7F-88C0-9919548713B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "DB6663ED-4643-4BB7-B281-706C7A0E10F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E7E8003B-C319-4AD0-9D32-DA05346869C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E60060B4-2301-497E-B03B-3DF3FBF159AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4983E235-19E8-4315-977B-E74CD0BD5F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C0D4ECE-209E-4919-B31C-D8BCCEABC759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B02ED302-0410-4F21-99C5-613DF719E7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07C298DB-767F-4703-B2DD-6499A11CEC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "46A3F5F4-CD81-4970-9A1B-38CC0308D450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "799A7D47-5A5B-4B4A-A462-8A488E04F5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "EB80610A-8A8A-4383-817D-9179D755165C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDEF27E-28F1-4F4F-8E0A-045DDD12C984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "43FC803B-C653-49C5-9412-7B128697F41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*",
"matchCriteriaId": "515BD552-738E-4D23-B040-2690F81CC8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8116FBF8-8BFA-4B23-805F-5A2A4EF1D1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "244E732B-CA8D-4A3C-9657-50C0A7F57846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D56D1B7-D582-4FB3-B85D-AFD56DBE3A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02449F70-53DA-494A-A287-D12A96B35005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "110E8C15-84FE-4A28-9538-7A7E8BC47F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CD179C16-CDA6-4614-96FE-C4CAF9DB5D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C8CF55C9-50EC-40CA-BBED-F24479A368BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C05D23FA-DC1F-49C7-8D27-E87DBE54E815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87E92301-D350-4241-9DDE-7402392ACDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1D02EDB8-717F-487C-81D1-754AA0C07A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "89C54670-6E2D-4D43-A46C-23DA021A71A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C792E8F2-411D-46C5-B800-D2749AC6865D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C564D4CD-FC0A-4488-8D5C-25BCCCF1982D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "CD4C2E80-2E5A-4F02-A491-8D9C71CB7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22584775-39EC-49B1-A451-3665AB580DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9A283292-A32D-4F21-BEA6-3B11001CDCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*",
"matchCriteriaId": "823CF58E-E8CB-46C0-A5BC-A6AC3FA9463B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B6E9F40E-B865-4AFE-9E12-68E7DCA3D4E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FA24FF47-60A9-499F-A19A-B37BEB621104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43461096-9495-4A87-8F08-8592BC9BC336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EB949258-274B-46CE-BA9F-1B63F6E242C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E679A629-D0EF-492C-AD9F-B7EE3F7ABFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*",
"matchCriteriaId": "5CB3FFED-F4D8-4E6D-B520-13B9B10BBAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*",
"matchCriteriaId": "03030B88-1B79-49E8-A417-E64A5345FDD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*",
"matchCriteriaId": "DB4E52BE-928D-4110-865D-ECA67FA2C3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*",
"matchCriteriaId": "9C43FA6A-E002-4B3E-A23A-35E6D8F216E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38264FA7-28B8-465A-A3AB-07B74477DD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE61906-F2EA-492D-A22C-935DA1F3E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "83113578-155E-4D55-BA88-75D7F2BA86CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A2D54DA0-1F70-43CD-B8A4-3E526D2BC3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B49B1A62-5CA6-473B-886B-A3E1D44C7FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DA112863-42AC-48E7-9889-33AE94E92705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*",
"matchCriteriaId": "0488EDAD-667E-45C9-AFC3-7146A68B4FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*",
"matchCriteriaId": "A732B3B1-C1F0-44D1-BA77-2FCDE70C5008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*",
"matchCriteriaId": "A35415FA-8B86-4ABA-8B65-7C714B98BF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*",
"matchCriteriaId": "50A169FF-51AF-40EB-9A9F-CB55F0FD9BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ADB90839-EB91-4744-B80B-43C363DD801E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0EC9641B-18F3-4900-9EEC-9864E60E6D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B82F27E4-BF6A-4F26-B50A-E4C0C19195B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "158215B1-22D3-4441-8F48-CAC048C2FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28596BA2-CEBB-466F-AF7B-C47E92450672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EABF0A0D-8B5A-421A-87E5-67A226736775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68E31768-892B-42DA-B81A-C14C95C3F26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE719B1-2C70-4781-BEB1-58D1D414905F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BE5DD-4FC8-497A-AED3-3354C09CA71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCE074F-58FE-4B1B-849D-879825D96767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "427DE88B-A729-43F8-B7FE-6DCDC91A7FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD390621-599E-4B61-B51E-454AE6EC1A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89FA8D98-6B0B-44C0-8B7C-A1DE70213E2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE5FFDE-5C48-41B3-A143-D9FFAB05E385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFA5B3D-D696-4BF4-9DB7-FBD703851D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80B2A29B-B05D-43C3-AB1C-EDDF0EE80BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D53417-33FC-4AE6-8B12-6D241643CD97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFF0965-0691-47AE-9A9B-36E428C69F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "369438BA-3E3E-4F4A-9D55-37201BCC19EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6BE133-ED60-489A-9EA4-239FFFAD13A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "772CC146-E2FA-4E18-AAAB-1D04D8572DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAFAA60-E23E-4BAD-ACE6-17E760F03FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD8FF90-E66B-4D22-A5E1-558D6384D152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response."
},
{
"lang": "es",
"value": "El decodificador ASN.1 en el decodificador QuickDER en Mozilla Network Security Services (NSS) antes de v3.13.4, como se usa en Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird VSG v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un elemento de longitud cero, como lo demuestra (1) una restricci\u00f3n b\u00e1sica de longitud cero o (2) un campo de longitud cero en una respuesta de OCSP."
}
],
"id": "CVE-2012-0441",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-05T23:55:01.403",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49976"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50316"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2490"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53798"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1540-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1540-2"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1540-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1540-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| oracle | enterprise_manager_ops_center | 11.1 | |
| oracle | enterprise_manager_ops_center | 12.1 | |
| oracle | enterprise_manager_ops_center | 12.2 | |
| oracle | glassfish_communications_server | 2.0 | |
| oracle | glassfish_server | 2.1.1 | |
| oracle | iplanet_web_proxy_server | 4.0 | |
| oracle | iplanet_web_server | 6.1 | |
| oracle | iplanet_web_server | 7.0 | |
| oracle | opensso | 3.0-03 | |
| oracle | traffic_director | 11.1.1.6.0 | |
| oracle | traffic_director | 11.1.1.7.0 | |
| oracle | vm_server | 3.2 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_eus | 5.9 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_aus | 5.9 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| redhat | enterprise_linux_workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "678B1E05-61E2-4D39-9E97-9ED904C08C64",
"versionEndExcluding": "3.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E71A360-F385-4148-9C21-339D337EC3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0370B1-0A34-4CC5-B45C-AE3A5D3ABF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8590A7B-CDAC-43EC-9D61-6FE4F8FCEB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B579EB86-B401-4EF5-A2EB-5A2B7DCD3664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9E3545-A799-427A-8FE4-1E8231A7A284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89537672-E131-4304-A7A7-D3313E3AFC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A972CA67-3909-4E9A-B8FC-7AAE5126528A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*",
"matchCriteriaId": "BD26723D-B540-4E20-ABA3-6B04AF27755F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8934FD3F-B3FD-42F1-8804-187099C01EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFBE568-3193-45BA-92D1-D5E47C09DDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169."
},
{
"lang": "es",
"value": "La implementaci\u00f3n en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal lateral ataques a una operaci\u00f3n de comprobaci\u00f3n de incumplimiento MAC durante el procesamiento de malformaciones relleno CBC, que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperaci\u00f3n de texto plano-a trav\u00e9s de an\u00e1lisis estad\u00edstico de datos de tiempo de los paquetes hechos a mano, una cuesti\u00f3n relacionada con CVE-2013-0169."
}
],
"id": "CVE-2013-1620",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-08T19:55:01.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57777"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1763-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1763-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-18 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969518FE-C12D-4A94-A437-DFB9A35DBE9F",
"versionEndIncluding": "3.15.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD0792F-A78A-420B-8069-67920BC5DEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A05D7AA9-8EA2-4063-B853-FE1E3CA85B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic."
},
{
"lang": "es",
"value": "La funci\u00f3n ssl_Do1stHandshake en sslsecur.c en libssl de Mozilla Network Security Services (NSS) anteriores a 3.15.4, cuando la funcionalidad TLS False Start est\u00e1 habilitada, permite a atacantes man-in-the-middle falsear servidores SSL utilizando un certificado X.509 arbitrario durante cierto tr\u00e1fico de handshake."
}
],
"id": "CVE-2013-1740",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-18T22:55:03.117",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/64944"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2088-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=498172"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725"
},
{
"source": "security@mozilla.org",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2088-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=498172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=919877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90394"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-26 20:28
Modified
2025-04-09 00:30
Severity ?
Summary
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84199209-42FB-4812-B7AF-F99CEC3E4C76",
"versionEndIncluding": "1.5.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7AA88B-638A-451A-B235-A1A1444BE417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C01AD7C-8470-47AB-B8AE-670E3A381E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E43F2F1-9252-4B44-8A61-D05305915A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB9D48B-DC7B-4D92-BB26-B6DE629A2506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A360D595-A829-4DDE-932E-9995626917E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9B5349-FAA7-4CDA-9533-1AD1ACDFAC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07243837-C353-4C25-A5B1-4DA32807E97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B832C034-F793-415F-BFC8-D97A18BA6BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83CD1A13-66CB-49CC-BD84-5D8334DB774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
"matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*",
"matchCriteriaId": "438AACF8-006F-4522-853F-30DBBABD8C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F18A45C0-419C-4723-AB7D-5880EF668CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2917BD67-CE81-4B94-B241-D4A9DDA60319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F71436CF-F756-44E0-8E69-6951F6B3E54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "582EE839-B83F-4908-9780-D0C92DC44FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "824369CF-00A0-434E-94BC-71CA1317012C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0679D9AD-ECEA-4C75-BFED-822F00A49628",
"versionEndIncluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22D33486-4956-4E2C-BA16-FA269A9D02BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "381313EF-DF84-4F66-9962-DE8F45029D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498716C3-FAA0-4156-8EAC-EF1F9A8C69F4",
"versionEndIncluding": "1.5.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11DE6185-09F4-48E3-9742-F9D8030B5774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61E565E5-286D-4A68-B085-5659DFE59A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5263F879-9B90-4582-B677-F133DEBE5259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C256B73C-9ABC-43D4-8C57-09161BC9F923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "055D1044-9FC5-45AA-8407-649E96C5AFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4DB0BB-BFD7-4E7A-B3EF-9C5422602216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D56153-E20A-46D8-859E-A51E5C03D674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2C51A6F4-F88F-4BF2-BF71-5DC48559C085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC390CB-774C-47BE-95C3-059943A9E645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DE7AC-553B-4524-8B33-5605518449EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "72B02389-0DCD-45BC-A09F-CB6B75940616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "41AE4644-2D23-43EA-ABDA-7BE60EFD1EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB87608-0DF8-4729-95C5-CFA386AB3AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1A406214-29E5-4E13-B2E1-1CF72F1E60BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C169DA-26BC-42EE-817B-2F0685069495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C99BAF7-B48E-4402-B2BF-EB07235E402E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F0C73F-291F-4A92-87B8-2269B5C1516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ADE8D7-B3C3-4490-9CD5-0263BBA75D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C86FD617-E4FE-4F85-AAA4-4F968A9DEC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "938B1260-74A7-4CFF-8086-415DCC284430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E28672BA-E3C2-40C3-80E1-95B7CDD089E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9308147C-0A23-48BC-BFA9-A49B9D73014E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow."
},
{
"lang": "es",
"value": "Un subdesbordamiento de enteros en el soporte SSLv2 en Mozilla Network Security Services (NSS) versiones anteriores a 3.11.5, como es usado por Firefox versiones anteriores a 1.5.0.10 y versiones 2.x anteriores a 2.0.0.2, SeaMonkey versiones anteriores a 1.0.8, Thunderbird versiones anteriores a 1.5.0.10, y ciertos productos de servidor de Sun Java System anteriores a 20070611, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un mensaje de servidor SSLv2 especialmente dise\u00f1ado que contiene una clave p\u00fablica que es demasiado corta para cifrar el \"Master Secret\", lo resulta en un desbordamiento en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2007-0008",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-26T20:28:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2709"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2711"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2713"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2728"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2747"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2749"
},
{
"source": "secalert@redhat.com",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "secalert@redhat.com",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24205"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24238"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24252"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24253"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24277"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24290"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24293"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24320"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24328"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24333"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24343"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24384"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24389"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24395"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24406"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24410"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24455"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24456"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24457"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24522"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24562"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24650"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24703"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/25588"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/25597"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/377812"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/32105"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/22694"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1017696"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364319"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32666"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/377812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/32105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF36FE92-B3FB-4ABB-82C4-E18CF98D1A58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n __hash_open en lib/dbm/src/hash.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado."
}
],
"id": "CVE-2017-11696",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T19:29:00.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF36FE92-B3FB-4ABB-82C4-E18CF98D1A58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n __get_page en lib/dbm/src/h_page.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado."
}
],
"id": "CVE-2017-11698",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T19:29:00.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-37"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-02 17:29
Modified
2024-11-21 03:45
Severity ?
Summary
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F615818-61AD-43BF-A480-D5ED3C3567FD",
"versionEndExcluding": "3.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41."
},
{
"lang": "es",
"value": "Un ataque de canal lateral en cach\u00e9 durante transacciones usando RSA podr\u00eda permitir el descifrado de contenido encriptado. Esta es una variante del ataque Adaptive Chosen Ciphertext (conocido como ataque Bleichenbacher) y afecta a todas las versiones de NSS anteriores a NSS 3.41."
}
],
"id": "CVE-2018-12404",
"lastModified": "2024-11-21T03:45:09.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-02T17:29:01.677",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107260"
},
{
"source": "security@mozilla.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404"
},
{
"source": "security@mozilla.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "security@mozilla.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"source": "security@mozilla.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"source": "security@mozilla.org",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-06 05:44
Modified
2025-04-11 00:51
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | network_security_services | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * | |
| oracle | enterprise_manager_ops_center | * | |
| oracle | enterprise_manager_ops_center | 12.2.0 | |
| oracle | enterprise_manager_ops_center | 12.2.1 | |
| oracle | enterprise_manager_ops_center | 12.3.0 | |
| oracle | vm_server | 3.2 | |
| fedoraproject | fedora | 19 | |
| fedoraproject | fedora | 20 | |
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 12.3 | |
| opensuse | opensuse | 13.1 | |
| suse | linux_enterprise_desktop | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_software_development_kit | 11 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| canonical | ubuntu_linux | 13.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3B84A-9D1F-4863-987C-5C958B05C523",
"versionEndExcluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61098C94-A0E8-4993-8368-9E9900BAB49D",
"versionEndExcluding": "24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA8EEC7-FACD-41E8-AF9F-F8DB0D477D8C",
"versionEndExcluding": "3.15.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328319A6-42EE-408E-91A8-87156C17AE46",
"versionEndExcluding": "2.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4295262-F0E0-4E6B-A01C-C7BF51CB011E",
"versionEndExcluding": "24.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70BB445-EF2B-4C9D-8502-FDD6A19F8C30",
"versionEndExcluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4725EA61-9BAB-4E72-9F92-ADE4624439CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0879FB1-58E2-4EC4-8111-044642E046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CF2929-4CBC-4B56-87AE-F45F53BD8DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3, SeaMonkey anterior a 2.24 y otros productos, no restringe debidamente los valores p\u00fablicos en el intercambio de claves de Diffie-Hellman, lo que facilita a atacantes remotos evadir mecanismos de protecci\u00f3n criptogr\u00e1fica en el manejo de tickets mediante el aprovechamiento de un cierto valor."
}
],
"id": "CVE-2014-1491",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-06T05:44:25.127",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Not Applicable"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56858"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56888"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56922"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Not Applicable"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65332"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Not Applicable"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/56922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-2994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-15 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| mozilla | network_security_services | 3.16.2.0 | |
| mozilla | network_security_services | 3.16.2.1 | |
| mozilla | network_security_services | 3.16.2.2 | |
| mozilla | network_security_services | 3.17.0 | |
| mozilla | network_security_services | 3.17.1 | |
| mozilla | network_security_services | 3.17.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA8CC13-D505-4542-AA83-E09EFC2235AF",
"versionEndIncluding": "3.16.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "741710EC-9380-4ED2-83B0-D51BEDCCD689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "521296D6-DEEC-4E93-A69B-DECAD87D665C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9547952F-E79F-406A-9DE8-E69DF26D7F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3356055-AC7A-4881-BEB9-6501D1C8563B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0EE71F-5A1A-4E70-8391-CECC296CF153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81AE928D-0CFF-430F-9F81-2A6FC9239663",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function\u0027s improper handling of an arbitrary-length encoding of 0x00."
},
{
"lang": "es",
"value": "La funci\u00f3n definite_length_decoder en lib/util/quickder.c en Mozilla Network Security Services (NSS) anterior a 3.16.2.4 y 3.17.x anterior a 3.17.3 no asegura que la codfifcaci\u00f3n DER de una longitud ASN.1 est\u00e1 formada correctamente, lo que permite a atacantes remotos realizar ataques del trafico de datos mediante el uso de una secuencia de bytes larga para una codificaci\u00f3n, tal y como fue demostrado por el mal manejo de la funci\u00f3n SEC_QuickDERDecodeItem de la codificaci\u00f3n de longitud arbitraria de 0x00."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/444.html\"\u003eCWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)\u003c/a\u003e",
"id": "CVE-2014-1569",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-15T18:59:00.067",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3186"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit"
],
"url": "http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1032909"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064670"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit"
],
"url": "https://www.imperialviolet.org/2014/09/26/pkcs1.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit"
],
"url": "https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.imperialviolet.org/2014/09/26/pkcs1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-19 13:29
Modified
2024-11-21 03:01
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2844FEE-4883-4662-936F-5B54075D9F09",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA."
},
{
"lang": "es",
"value": "nss en versiones anteriores a la 3.30 es vulnerable a una denegaci\u00f3n de servicio (DoS) remota durante el handshake de sesi\u00f3n al emplear la extensi\u00f3n SessionTicket y ECDHE-ECDSA."
}
],
"id": "CVE-2016-9574",
"lastModified": "2024-11-21T03:01:25.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-19T13:29:00.213",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-03 14:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.12.3 | |
| aol | instant_messenger | * | |
| gnome | evolution | * | |
| mozilla | firefox | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * | |
| pidgin | pidgin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DF7CEB-81F5-46FC-9588-AF5326957C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6606C39B-8137-44B6-A96E-E0B8F67FAFFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C8E657-3049-4462-98F6-296C60BC8C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87A0BF9F-F7E9-4196-BEF7-800B4C850990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en el analizador de expresiones regulares en Mozilla NetWork Security Services (NSS) anteriores a 3.12.3 como las utilizadas en Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, y AOL Instant Messenger (AIM), permite a servidores SSL remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de dominio largo en el campo Common Name (CN) en un certificado X.509, relativo a la funci\u00f3n cert_TestHost_Name.\r\n"
}
],
"id": "CVE-2009-2404",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-08-03T14:30:00.610",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36088"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36102"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36125"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36139"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36157"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/36434"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37098"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39428"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35891"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/810-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1185.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/810-2/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-22 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| mozilla | network_security_services | 3.12 | |
| mozilla | network_security_services | 3.12.1 | |
| mozilla | network_security_services | 3.12.2 | |
| mozilla | network_security_services | 3.12.3 | |
| mozilla | network_security_services | 3.12.3.1 | |
| mozilla | network_security_services | 3.12.3.2 | |
| mozilla | network_security_services | 3.12.4 | |
| mozilla | network_security_services | 3.12.5 | |
| mozilla | network_security_services | 3.12.6 | |
| mozilla | network_security_services | 3.12.7 | |
| mozilla | network_security_services | 3.12.8 | |
| mozilla | network_security_services | 3.12.9 | |
| mozilla | network_security_services | 3.12.10 | |
| mozilla | network_security_services | 3.12.11 | |
| mozilla | network_security_services | 3.14 | |
| mozilla | network_security_services | 3.14.1 | |
| mozilla | network_security_services | 3.14.2 | |
| mozilla | network_security_services | 3.14.3 | |
| mozilla | network_security_services | 3.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6943F8E-784B-4CCD-82E3-B5A439C43C07",
"versionEndIncluding": "3.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) en versiones anteriores a 3.15.2 no asegura que las estructuras de datos est\u00e9n inicializadas antes de las operaciones de lectura, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores que desencadenan un fallo de descifrado."
}
],
"id": "CVE-2013-1739",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-22T22:55:04.237",
"references": [
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"source": "security@mozilla.org",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/62966"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-20 22:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
| oracle | communications_pricing_design_center | 12.0.0.3.0 | |
| oracle | jd_edwards_enterpriseone_tools | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A2E34F-6DDF-44CF-AF2B-83327DB6F8EC",
"versionEndExcluding": "3.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versi\u00f3n 1.3.\u0026#xa0;Este fallo permite a un atacante remoto enviar m\u00faltiples mensajes CCS, causando una denegaci\u00f3n de servicio para los servidores compilados con la biblioteca NSS.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema.\u0026#xa0;Este fallo afecta a NSS versiones anteriores a 3.58"
}
],
"id": "CVE-2020-25648",
"lastModified": "2024-11-21T05:18:20.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-20T22:15:43.217",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-08 21:07
Modified
2025-04-09 00:30
Severity ?
Summary
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | 1.5 | |
| mozilla | firefox | 1.5 | |
| mozilla | firefox | 1.5 | |
| mozilla | firefox | 1.5.0.1 | |
| mozilla | firefox | 1.5.0.2 | |
| mozilla | firefox | 1.5.0.3 | |
| mozilla | firefox | 1.5.0.4 | |
| mozilla | firefox | 1.5.0.5 | |
| mozilla | firefox | 1.5.0.6 | |
| mozilla | firefox | 1.5.0.7 | |
| mozilla | network_security_services | 3.11.3 | |
| mozilla | seamonkey | 1.0 | |
| mozilla | seamonkey | 1.0 | |
| mozilla | seamonkey | 1.0 | |
| mozilla | seamonkey | 1.0 | |
| mozilla | seamonkey | 1.0.1 | |
| mozilla | seamonkey | 1.0.2 | |
| mozilla | seamonkey | 1.0.3 | |
| mozilla | seamonkey | 1.0.4 | |
| mozilla | seamonkey | 1.0.5 | |
| mozilla | thunderbird | 1.5 | |
| mozilla | thunderbird | 1.5 | |
| mozilla | thunderbird | 1.5.0.1 | |
| mozilla | thunderbird | 1.5.0.2 | |
| mozilla | thunderbird | 1.5.0.3 | |
| mozilla | thunderbird | 1.5.0.4 | |
| mozilla | thunderbird | 1.5.0.6 | |
| mozilla | thunderbird | 1.5.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "D62F740C-706B-4290-AD92-3ECBC3D30768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*",
"matchCriteriaId": "55344F76-1C42-4DD8-A28B-1C33626C6FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CB01A97F-ACE1-4A99-8939-6DF8FE5B5E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22D33486-4956-4E2C-BA16-FA269A9D02BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB87608-0DF8-4729-95C5-CFA386AB3AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1A406214-29E5-4E13-B2E1-1CF72F1E60BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C169DA-26BC-42EE-817B-2F0685069495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C99BAF7-B48E-4402-B2BF-EB07235E402E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F0C73F-291F-4A92-87B8-2269B5C1516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ADE8D7-B3C3-4490-9CD5-0263BBA75D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "938B1260-74A7-4CFF-8086-415DCC284430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E28672BA-E3C2-40C3-80E1-95B7CDD089E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340."
},
{
"lang": "es",
"value": "La biblioteca Mozilla Network Security Service (NSS) en versiones anteriores a la 3.11.3, como el usado en el Mozilla Firefox en versiones anteriores a la 1.5.0.8, en el Thunderbird anterior a la versi\u00f3n 1.5.0.8 y en el SeaMonkey anteriores a la versi\u00f3n 1.0.6, cuando utiliza una clave RSA con exponente 3, no gestiona apropiadamente datos extra en la firma, lo cual permiten a atacantes remotos falsificar firmas para los certificados de correo electr\u00f3nico SSL/TLS. NOTA: este identificador es para versiones de productos no parchados, que inicialmente se vieron en el CVE-2006-4340."
}
],
"id": "CVE-2006-5462",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-08T21:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0733.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0734.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0735.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22722"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22727"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22737"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22770"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22815"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22817"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22929"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22965"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22980"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23009"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23013"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23197"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23202"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23235"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23263"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23287"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23297"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23883"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24711"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200612-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200612-07.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200612-08.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017180"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017181"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017182"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2006/dsa-1224"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2006/dsa-1225"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2006/dsa-1227"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/335392"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:205"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:206"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_68_mozilla.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-381-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-382-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/4387"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "secalert@redhat.com",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "secalert@redhat.com",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356215"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0733.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0734.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0735.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/335392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_68_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-381-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-382-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-30 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3306EB88-CE4C-4D5E-BE35-53DE6DEC5C3C",
"versionEndExcluding": "2.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66221847-4F1D-4F26-8916-731BDFE5B3A9",
"versionEndExcluding": "2.7.4",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A21F310D-7D9F-45D7-974D-C615F99FBEB8",
"versionEndExcluding": "3.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06458D9A-4AB2-4B8A-8902-D2A285801347",
"versionEndIncluding": "0.9.8k",
"versionStartIncluding": "0.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large."
},
{
"lang": "es",
"value": "La librer\u00eda Network Security Services (NSS) en versiones anteriores a 3.12.3, como se utiliza en Firefox; GnuTLS en versiones anteriores a 2.6.4 y 2.7.4; OpenSSL 0.9.8 hasta la versi\u00f3n 0.9.8k; y otros productos que soportan MD2 con certificados X.509, lo que podr\u00edan permitir a atacantes remotos falsificar certificados usando defectos de dise\u00f1o de MD2 para generar una colisi\u00f3n de hash en menos que tiempo que con fuerza bruta. NOTA: el alcance de este problema est\u00e1 actualmente limitado porque la cantidad de computaci\u00f3n requerida es todav\u00eda grande."
}
],
"id": "CVE-2009-2409",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-30T19:30:00.343",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36139"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36157"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36434"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/36669"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/36739"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/37386"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/42467"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id?1022631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2009/dsa-1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/36669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/36739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/37386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/42467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id?1022631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/810-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2009/dsa-1888"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-05 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1",
"versionEndIncluding": "41.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39EA735D-20A8-4595-BFF8-7B1F5A32CDA2",
"versionEndIncluding": "3.19.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95762E75-6DEC-4B1C-87B4-A4EA1937B710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la implementaci\u00f3n de PL_ARENA_ALLOCATE en Netscape Portable Runtime (NSPR) en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7183",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-05T05:59:07.883",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"source": "security@mozilla.org",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3406"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/77415"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"source": "security@mozilla.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2790-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2790-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-03 11:56
Modified
2025-04-11 00:51
Severity ?
Summary
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | network_security_services | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * | |
| mozilla | thunderbird_esr | * | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| oracle | vm_server | 3.2 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_eus | 5.9 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_aus | 5.9 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| redhat | enterprise_linux_workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85419E17-FAAE-4064-8002-DF3E2144DA94",
"versionEndIncluding": "20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36586226-AE60-4DB6-8F41-CA2A02778F53",
"versionEndExcluding": "17.0.5",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFBEB6-20FD-48E4-A687-630BB4AF45B0",
"versionEndExcluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B7351C-3F9C-4A97-83B3-DFEDA4CBB83C",
"versionEndExcluding": "2.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FAF5EB6-C191-4FC6-AD19-5BDE3F725B5C",
"versionEndExcluding": "17.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE639053-DE2F-49CD-89DC-A1A59B4F51C7",
"versionEndExcluding": "17.0.5",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."
},
{
"lang": "es",
"value": "La funci\u00f3n CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fuera del terreno de juego y lectura de corrupci\u00f3n de memoria) a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2013-0791",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-03T11:56:21.117",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58826"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1791-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"
},
{
"source": "security@mozilla.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/58826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1791-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 05:23
Modified
2025-04-11 00:51
Severity ?
Summary
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | 3.14 | |
| mozilla | network_security_services | 3.14.1 | |
| mozilla | network_security_services | 3.14.2 | |
| mozilla | network_security_services | 3.14.3 | |
| mozilla | network_security_services | 3.14.4 | |
| mozilla | network_security_services | 3.15 | |
| mozilla | network_security_services | 3.15.1 | |
| mozilla | network_security_services | 3.15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD0792F-A78A-420B-8069-67920BC5DEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets."
},
{
"lang": "es",
"value": "Servicios de seguridad de red Mozilla (NSS) 3.14 antes de 3.14.5 y 3.15 antes de 3.15.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente tener un impacto no especificado a trav\u00e9s de paquetes handshake no v\u00e1lidos."
}
],
"id": "CVE-2013-5605",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-18T05:23:57.643",
"references": [
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1840.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1841.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2013/dsa-2800"
},
{
"source": "security@mozilla.org",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/63738"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1840.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2031-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2032-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4426D584-AAEF-4E84-8E13-E921DB0F0278",
"versionEndExcluding": "3.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
},
{
"lang": "es",
"value": "En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2019-17007",
"lastModified": "2024-11-21T04:31:31.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-22T21:15:12.637",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-26 20:28
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | network_security_services | * | |
| mozilla | seamonkey | * | |
| mozilla | thunderbird | * | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 5.10 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDDD5B2-2356-4A1A-820F-60CF3B638910",
"versionEndExcluding": "1.5.0.10",
"versionStartIncluding": "1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE9FF-65A4-487A-9D3A-844086DE5F27",
"versionEndExcluding": "2.0.0.2",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "156B1F29-CBEE-475F-ADE0-92F805EA395C",
"versionEndExcluding": "3.11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5ECD99A-50D8-47FB-AEE9-D7A4F8F72B7C",
"versionEndExcluding": "1.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A187A85C-E699-4E41-8745-B76F83BE8CB0",
"versionEndExcluding": "1.5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a versi\u00f3n 3.11.5, tal y como es usado por Firefox anterior a versi\u00f3n 1.5.0.10 y versi\u00f3n 2.x anterior a 2.0.0.2, Thunderbird anterior a versi\u00f3n 1.5.0.10, SeaMonkey anterior a versi\u00f3n 1.0.8, y ciertos productos de servidor Sun Java System anterior al 20070611, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de valores de longitud \"Client Master Key\" no v\u00e1lidos."
}
],
"id": "CVE-2007-0009",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-26T20:28:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2709"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2711"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2747"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2749"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24253"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24277"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24290"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24293"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24333"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24343"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24384"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24389"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24395"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24406"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24410"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24455"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24456"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24457"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24522"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24562"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24650"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24703"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25588"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25597"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592796"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/32106"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017696"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/cms/node/2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/24703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/592796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/32106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-431-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-25 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0804B4-6197-4143-A13A-EA08A7BFA87C",
"versionEndIncluding": "37.0.2062.120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97A0B769-5287-4E95-874B-F1D7FC41C7AF",
"versionEndIncluding": "32.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:32.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9699C820-AE0F-446D-9BE3-FDFD8EA43D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:32.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A046FF67-64E3-4879-8AC6-1AEF549E8409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94159B22-C2F9-4FCF-B86E-681441FEB015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC93EFAA-E7F4-41E8-A158-E1AE8DC4EFB8",
"versionEndIncluding": "3.16.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD0792F-A78A-420B-8069-67920BC5DEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A05D7AA9-8EA2-4063-B853-FE1E3CA85B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "473B6DB5-D433-4B1C-9F0D-8260A143D437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87CDFCB-B9FF-49F4-88BA-49D14E6FA8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D4DE8E-7184-4A6B-87EA-A0B116EA0155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAF26C6-58D5-4273-803C-04A28FC86D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8F3540-57BF-4B9D-B0A8-61B4220905B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D20E87ED-EF30-4E07-A7A1-F14DCFAF44BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75D08020-A1E8-4143-85C6-7EF2AC9AC5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F45E4D0F-3FBA-49AF-ADD5-CCFD23545E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:-:*:*:*:*:*:*",
"matchCriteriaId": "0AF1DC4F-1DE0-444F-9876-0EC77EC3390C",
"versionEndIncluding": "2.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4A97B6E1-EABA-4977-A3FC-64DF0392AA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CB01A97F-ACE1-4A99-8939-6DF8FE5B5E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22D33486-4956-4E2C-BA16-FA269A9D02BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "381313EF-DF84-4F66-9962-DE8F45029D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A0228476-14E4-443C-BBAE-2C9CD8594DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A803A500-DCE2-44FC-ABEB-A90A1D39D85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "022274DE-5251-49C9-B6E5-1D8CEDC34E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F84CB7-93F7-4912-BC87-497867B96491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "8992E9C6-09B3-492E-B7DA-899D5238EC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "D58B704B-F06E-44C1-BBD1-A090D1E6583A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40270FBD-744A-49D9-9FFA-1DCD897210D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20E01097-F60A-4FB2-BA47-84A267EE87D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F65732F-317B-49A2-B9B0-FA1102B8B45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB430F19-069A-43FD-9097-586D4449D327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6D7528-E591-48A6-8165-BE42F8EBF6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BA710423-0075-44B8-9DCB-6380FA974486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C5521DA3-E6AF-4350-B971-10B4A1C9B1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD15752-A253-47B1-BCE0-B55B84B47C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "60B39A9D-44A4-4D7F-9004-C44066BBE277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F203EC52-2126-4227-AF3B-23857E5BB222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E951567B-8402-42EA-AE33-EBA9235A868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "82A94198-7EBF-4D8A-A99A-A32A8561FF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1BFFBC58-ACD2-449D-B010-5026D6022F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "83EED5D2-EC40-4253-991B-0C746FBEF6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0F73092C-1458-4278-A30D-C0F89B1F82F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB559BD-4BF7-417F-962F-B8971FF1614B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7B528A25-003F-4614-B55B-AF46B66EDB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0078D890-6456-4F45-A3AE-B1A2BFAC6A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "69DD17EC-99EB-46C1-98E9-16A2EDB8E224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F35F7EA1-8C98-4A3E-8767-89DBC26A32B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF89719E-C415-45A3-A1CC-FAFDFCAE3055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58EB8E8A-84DE-43AA-B8F0-B585FB73D724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*",
"matchCriteriaId": "C19C0BF7-390D-4E2E-BA32-28DFF73C55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*",
"matchCriteriaId": "5FE5E50C-80ED-4CA7-BC85-8BD2E324D527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*",
"matchCriteriaId": "FEBF912C-A12E-4DBD-84AC-8B440E190BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "9B8EDED6-29EF-4A9F-955D-F5E6611C2141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "EDC9C82D-586A-48F4-B540-1E2AE79806B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51FCF83B-630A-4413-BFAA-0C24A6B8F4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84B2AA0A-0220-49DD-82CD-37FDC563F146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D754AF10-1E43-46C8-A444-E7DB3401509D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34182167-F1DF-455B-BFDB-0A8491590479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ECA6CE-20D0-4A4F-B376-888A9328B044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEFCAB0-E57A-46E8-94C7-8510BB87C6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB5C972-AF7B-4EC7-BCE5-867CACCF5C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C68DBB31-7804-446E-9A53-073E4B74E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "31ADCC51-CE05-4EB6-BE8F-B64FD62946A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "387390AE-CF25-47ED-BD36-F42455DE1A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78D5F0AD-9974-40A1-942F-0F03A278DAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2C388E6F-148E-4EA5-8D82-7778398122BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FEB21-60B1-4303-BE19-576CC93B940C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "37F07875-FB5E-4B13-9798-BF9AEBD8A2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87FD9961-DA1C-4846-A779-A836C07B98A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A40438F-0CF1-4A3E-BAC7-199D72901B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EB46CA-D5DD-4FA8-A234-21C938620F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "635FCE4C-2D15-4FB2-8917-D176B1539024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "E59E74C2-38F2-4B7F-88C0-9919548713B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "DB6663ED-4643-4BB7-B281-706C7A0E10F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E7E8003B-C319-4AD0-9D32-DA05346869C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E60060B4-2301-497E-B03B-3DF3FBF159AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4983E235-19E8-4315-977B-E74CD0BD5F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C0D4ECE-209E-4919-B31C-D8BCCEABC759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B02ED302-0410-4F21-99C5-613DF719E7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07C298DB-767F-4703-B2DD-6499A11CEC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "46A3F5F4-CD81-4970-9A1B-38CC0308D450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "799A7D47-5A5B-4B4A-A462-8A488E04F5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "EB80610A-8A8A-4383-817D-9179D755165C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35F56E95-F0FE-4E47-9C01-4D8E4976B773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.10:beta1:*:*:*:*:*:*",
"matchCriteriaId": "BEDAE360-E3B8-4BA0-A036-2FCFFEF5D498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.10:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2E86983D-1903-4792-9F54-1B0B05A944A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.10:beta3:*:*:*:*:*:*",
"matchCriteriaId": "681C9B76-4D67-42B3-9270-5AD6CBD152A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "247FEB6D-34CE-49E8-9B22-D030F0C26DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FF54558B-D33F-453E-BCAA-7E47A91C3CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01459193-203D-4E26-8741-EF6EDC38A88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:beta2:*:*:*:*:*:*",
"matchCriteriaId": "240DF7DC-D927-49D7-A8D2-38E6F9D1C844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8CC53990-A6DE-4549-926F-BB5346FE2A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:beta4:*:*:*:*:*:*",
"matchCriteriaId": "5186C595-0FE6-4F25-B9A6-2CDD743A3357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6F630985-334F-4644-965F-DA8BEEE2449D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.11:beta6:*:*:*:*:*:*",
"matchCriteriaId": "3A6519DF-E299-422B-B891-494AE8240ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD3A962-E6A6-4681-BD6E-047ABF8CB776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7ABE95E2-BA65-4E55-A869-875A408A37F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A4D8392-FC84-4963-B505-676B629992BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5771130B-203B-46A1-A3C9-98BBA17C3654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8DC8BB2F-487D-40D7-83FD-1CDD373014CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DC43A7E2-20B1-4CBE-815C-BC8A89D5B496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12:beta6:*:*:*:*:*:*",
"matchCriteriaId": "CBCCCCD0-CB6C-4A82-98F7-017E4F850BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "884E19F8-0AB3-427F-BDEC-1CDC420D1231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBBA80F-4CD4-4419-905A-B90AC3F961F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D62B7671-43FC-4D1B-B69D-5D5E2EC205E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04A1E095-5FC4-42B4-998C-F28B3E8D7DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8725924E-A1D8-42F6-8577-774056A6EC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:beta4:*:*:*:*:*:*",
"matchCriteriaId": "2DC3E936-6BB0-4CBD-A37C-66E4AF62B813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:beta5:*:*:*:*:*:*",
"matchCriteriaId": "026603CE-0A59-4668-92F8-0306FCE31B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13:beta6:*:*:*:*:*:*",
"matchCriteriaId": "D76D908D-1148-4A65-B9F4-E18B1B01165A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA22ED4-5C46-403C-889F-82A52DA1EBB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC30286-5862-4D56-BE7D-44EDCC2BA37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED26A20-4DF7-43B4-81EF-6C77A57A85B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.14:beta1:*:*:*:*:*:*",
"matchCriteriaId": "05DA7741-6ED9-4A0C-B2EB-921B01D8F60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.14:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C343FE1B-1A54-410C-8FE4-110C089529E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.14:beta3:*:*:*:*:*:*",
"matchCriteriaId": "836520C2-C59C-4E37-BBE1-7FA7C5CAA690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.14:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D055E64F-7CEE-4501-B233-CBC0D5CB6ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.14:beta5:*:*:*:*:*:*",
"matchCriteriaId": "27A7DC95-1678-405E-B336-32828BAFC3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6289FA43-9A90-41AE-8C0A-C49017B1FC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:beta1:*:*:*:*:*:*",
"matchCriteriaId": "25E3AF9B-96E1-4875-8F9F-F17289B17D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1E98FD1D-58F0-4832-8BD9-D6561AC4903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:beta3:*:*:*:*:*:*",
"matchCriteriaId": "14D92E1E-D0E4-41A0-9126-417FBAE62E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:beta4:*:*:*:*:*:*",
"matchCriteriaId": "9CCCA8B5-5E59-41C2-87C1-0F4A72E9812A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:beta5:*:*:*:*:*:*",
"matchCriteriaId": "040AFFC7-ED14-49A1-8995-806479C183F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4FA38731-42C7-4B6E-A09B-5B73814190A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F74CB55-8FA5-4FBC-B37E-69F035282360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE3356A-EFD5-4651-8FF7-0F79570D3670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE8DA73-2FEC-4F2B-9264-6DFB663F0950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7AF84523-CBF7-4F1D-9818-9DAFED30851D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*",
"matchCriteriaId": "51C344C3-093D-486E-B2BA-47E890FC159B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*",
"matchCriteriaId": "D7D8ED22-2F5A-408E-995F-D6B046250EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D7744088-C55D-4006-8A1C-545DF9687A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*",
"matchCriteriaId": "B888F4F3-F5C1-47CB-85EA-BF088B3629FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FD7275-C402-4A9D-9A16-C2B0FB7A73E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DFFC99-7534-4B22-87CA-AA8DB1B8123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3FE289-6975-4248-881E-12D850B50077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.17:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B3AA9040-15C9-41C1-AF4B-3162C7550073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.17:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F4FDE74E-5550-4813-B075-336739C3951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.17:beta3:*:*:*:*:*:*",
"matchCriteriaId": "39361B4B-0025-4406-8BB7-DACBB3B328DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.17:beta4:*:*:*:*:*:*",
"matchCriteriaId": "9E78246D-2C7D-46E8-AADE-E52AA03B17B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BAB391-BE12-453B-BF4E-4C3957B3BC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.18:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6A8860F4-4F1A-455D-AD76-53EFF54A7F81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.18:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1ABDBCDB-6495-49B8-9F76-A1BB9B4E557E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.18:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4855BEDC-F221-45EB-9F85-E0FA083B334E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.18:beta4:*:*:*:*:*:*",
"matchCriteriaId": "802D0724-B777-479E-BAB0-16C8FA6BFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "119C243B-4508-4D1E-8B86-C65EB4E6C1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.19:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F0D6E1F0-D019-4B5B-9137-D0AE80F4E74F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.19:beta2:*:*:*:*:*:*",
"matchCriteriaId": "94BEE084-0B38-41AF-A836-5C469C1CB7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A6E457-DF4C-4D19-9AFF-02695D1A2957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.20:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B3C9A8AA-BB73-4252-995F-AE183639D949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.20:beta2:*:*:*:*:*:*",
"matchCriteriaId": "0200DF6D-B067-49DE-BC6A-B1A5EE860454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.20:beta3:*:*:*:*:*:*",
"matchCriteriaId": "3B64472A-A123-4FF8-A39B-C00F5055C4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.21:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D090ED7A-8370-4BBA-B0F7-D322C5189C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.21:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3C663466-5C19-4F6B-845A-C41E2ED0FF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.22:beta1:*:*:*:*:*:*",
"matchCriteriaId": "90F03D92-608D-4C70-9312-42BA70B13E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.22:beta2:*:*:*:*:*:*",
"matchCriteriaId": "D41DB10E-24E6-47B8-AB36-19F74ACCFB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB82CDD-29E6-4034-8735-593E99A1A3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "172C52B1-1649-4EB1-95BF-E7DC5235146C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.23:beta1:*:*:*:*:*:*",
"matchCriteriaId": "82E5B59F-AB42-490C-A406-8E87D89EF384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "37287E07-5883-44B6-AA7C-675A285B9A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.24:beta1:*:*:*:*:*:*",
"matchCriteriaId": "74E8D818-AE9A-4797-80C8-59AEBBCC868C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.25:-:*:*:*:*:*:*",
"matchCriteriaId": "681E731B-746B-4691-AB95-C9957E6F0B32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.25:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7800503A-1EB8-40EF-BD25-F3393E39D06F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.25:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A8431037-C9B1-47C0-8DB6-B25BF467E891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.25:beta3:*:*:*:*:*:*",
"matchCriteriaId": "249B1CAA-BB69-4430-A9FF-7D57DBEBC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.26:-:*:*:*:*:*:*",
"matchCriteriaId": "C1C6C365-9A19-41AF-B67D-AA58319E28BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:2.26:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3BCA626F-71BE-4401-848C-5788EC5190BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E15587C-ED33-4151-A728-613B086DE37C",
"versionEndIncluding": "24.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "707DE052-DE3E-4FC3-994C-52FF7B5373C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:31.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "547FD734-8E0C-452A-AB2E-5F7307B42CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:31.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "883879BD-BC74-4440-8903-844867EC898D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6BAAF83-1DDF-4E7E-9785-97C3523EDEFE",
"versionEndIncluding": "37.0.2062.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F701378-3B81-41AB-82E6-C271B64B325B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03C82FB7-E434-4FE5-8BBE-2813B640A338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8C84C-B5FF-4722-BBEA-9705AC93B8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:37.0.2062.100:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBAC23A-A96F-4944-A352-B10AE0D49F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:37.0.2062.102:*:*:*:*:*:*:*",
"matchCriteriaId": "9C93B4BE-7E05-40FB-9097-9D5CA3E8A1C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACCACAF-7BD6-4C0A-8E6A-67E13D5E341D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) anterior a 3.16.2.1, 3.16.x anterior a 3.16.5, y 3.17.x anterior a 3.17.1, utilizado en Mozilla Firefox anterior a 32.0.3, Mozilla Firefox ESR 24.x anterior a 24.8.1 y 31.x anterior a 31.1.1, Mozilla Thunderbird anterior a 24.8.1 y 31.x anterior a 31.1.2, Mozilla SeaMonkey anterior a 2.29.1, Google Chrome anterior a 37.0.2062.124 en Windows y OS X, y Google Chrome OS anterior a 37.0.2062.120, no analiza debidamente los valores ASN.1 en los certificados X.509, lo que facilita a atacantes remotos falsificar las firmas RSA a trav\u00e9s de un certificado manipulado, tambi\u00e9n conocido como un problema de \u0027maleabilidad de firmas\u0027."
}
],
"id": "CVE-2014-1568",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-25T17:55:04.387",
"references": [
{
"source": "security@mozilla.org",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"source": "security@mozilla.org",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61540"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61574"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61575"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61576"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61583"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"source": "security@mozilla.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/70116"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2360-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2360-2"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2361-1"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"source": "security@mozilla.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2360-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2360-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2361-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-09 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox | 38.0.1 | |
| mozilla | firefox | 38.0.5 | |
| mozilla | firefox | 38.1.0 | |
| mozilla | firefox | 38.1.1 | |
| mozilla | firefox | 38.2.0 | |
| mozilla | firefox | 38.2.1 | |
| mozilla | firefox | 38.3.0 | |
| mozilla | firefox | 38.4.0 | |
| mozilla | firefox | 38.5.0 | |
| mozilla | firefox | 38.5.1 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| mozilla | firefox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92954403-582A-4A55-B45C-64CADCF40909",
"versionEndIncluding": "3.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2765E663-C9CF-476A-B7A8-6F02D0E2D72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B4E871-0ACB-4EC5-8392-EAD0DF25E64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "435D6EF5-C879-4121-9D47-EF2236E53409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11D313EA-95EE-456C-B27B-FB4207DE9492",
"versionEndIncluding": "43.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones anteriores a 38.5.2, no rechaza las firmas MD5 en mensajes Server Key Exchange en el tr\u00e1fico de TLS 1.2 Handshake Protocol, lo que facilita a atacantes man-in-the-middle falsificar servidores desencadenando una colisi\u00f3n."
}
],
"id": "CVE-2015-7575",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-09T02:59:10.910",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3436"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3437"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3457"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3458"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3465"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3491"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/79684"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1034541"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036467"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2863-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2864-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2865-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2866-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2884-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2904-1"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201706-18"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201801-15"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20160225-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2863-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2864-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2865-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2866-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2884-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2904-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201706-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201801-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20160225-0001/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-06 02:00
Modified
2025-04-12 10:46
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | suse_linux_enterprise_software_development_kit | 12.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| canonical | ubuntu_linux | 15.04 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| novell | suse_linux_enterprise_desktop | 12.0 | |
| novell | suse_linux_enterprise_server | 11 | |
| novell | suse_linux_enterprise_server | 12.0 | |
| mozilla | network_security_services | 3.19 | |
| mozilla | firefox | * | |
| mozilla | firefox | 31.0 | |
| mozilla | firefox | 31.1.0 | |
| mozilla | firefox | 31.1.1 | |
| mozilla | firefox | 31.3.0 | |
| mozilla | firefox | 31.5.1 | |
| mozilla | firefox | 31.5.2 | |
| mozilla | firefox | 31.5.3 | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox_esr | 31.1 | |
| mozilla | firefox_esr | 31.2 | |
| mozilla | firefox_esr | 31.3 | |
| mozilla | firefox_esr | 31.4 | |
| mozilla | firefox_esr | 31.5 | |
| mozilla | firefox_esr | 31.6.0 | |
| mozilla | firefox_esr | 31.7.0 | |
| mozilla | thunderbird | * | |
| oracle | solaris | 11.3 | |
| oracle | vm_server | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "095856BE-4E55-4FEA-BCAC-352C29083545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C6809678-475F-4703-BC9E-31EC8CAD3A24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639EAD72-0505-4B4E-8693-9E653A30A334",
"versionEndIncluding": "38.1.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E5D043-71F8-4A61-BEA4-176153E26FD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51CBE0A9-1D05-4F88-B5B5-1592D4A4687E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "902BF23B-C1B9-41F2-BF5D-C1722C3DBFFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60521E93-3495-40F7-AA72-EE531F8FA09D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7AAC77-57A3-4747-B760-0EE3CD53E4DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*",
"matchCriteriaId": "697EA344-F982-4E9F-9EC8-CCCB5829582B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61304847-1DC8-442C-8194-28E52B3C1293",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF9724E-93B2-4BC7-8181-6D9521A6CC37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAF8682-9B5E-4DE7-AEB0-71D5E4E6E01C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA9780-4512-4B76-BDBB-BB702535ECBD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA2C617-8CDB-4721-A51A-47E8948DBE3E",
"versionEndIncluding": "38.0.1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) anterior a 3.19, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, Thunderbird anterior a 38.1, y otros productos, no determina correctamente las transiciones de estado para la m\u00e1quina de estados TLS, lo que permite a atacantes man-in-the-middle derrotar los mecanismos de protecci\u00f3n criptogr\u00e1fica mediante el bloqueo de mensajes, tal y como fue demostrado mediante la eliminaci\u00f3n de una propiedad de confidencialidad adelantada mediante el bloqueo de un mensaje ServerKeyExchange, tambi\u00e9n conocido como un problema de \u0027SMACK SKIP-TLS\u0027 ."
}
],
"id": "CVE-2015-2721",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-06T02:00:49.283",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/83398"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1032784"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"source": "security@mozilla.org",
"tags": [
"Release Notes"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "security@mozilla.org",
"tags": [
"Technical Description"
],
"url": "https://smacktls.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://smacktls.com"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-23 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD70C79-7EA7-49CB-B3D6-6C77E0C55BB4",
"versionEndIncluding": "30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18E772D1-DD0F-4F04-8BB4-9550F3C601E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "050A0328-B07A-4CC7-B42E-A034F3140032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "732CC40B-BCBA-436B-956F-52BE28D9B79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DE4CBB-6604-4AF2-B499-06BCD9E213C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70ECF11D-B5D0-4EBA-9E1F-0978AF7C7818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A237D8D8-5656-4537-AD08-30CB8B4DAD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04B61AC7-E951-407F-A62E-490F9FEDE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F70319-C8E4-4F54-9449-B0C3A59BF7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAD5F3B-54D7-425B-89D2-A3A86DE31BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*",
"matchCriteriaId": "44D4B068-3456-4748-94BE-ACBA6A026570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD0792F-A78A-420B-8069-67920BC5DEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A05D7AA9-8EA2-4063-B853-FE1E3CA85B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "473B6DB5-D433-4B1C-9F0D-8260A143D437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87CDFCB-B9FF-49F4-88BA-49D14E6FA8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D4DE8E-7184-4A6B-87EA-A0B116EA0155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAF26C6-58D5-4273-803C-04A28FC86D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8F3540-57BF-4B9D-B0A8-61B4220905B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B063ED-8BD8-4E14-8990-D23CCB0A20BB",
"versionEndIncluding": "24.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCAFDF1-10BB-4AB0-9C9D-E99DDBA901BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31EE89B8-705F-4A05-9015-3D6E81D394E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E30AE3D4-6A3E-435E-BDBF-1A9A17297433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C705A0-62C0-485A-A077-C7DD426F80B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66C802A7-E4D5-4D2D-9CE8-749A75DF7461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A57FA-AC27-4288-8E42-97DECF3B993C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D474B11-98D0-41A3-A98B-CFB6955264AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD940E-9EF0-460B-A721-E70C719F2244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS) 3.x, utilizado en Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que provocan cierta eliminaci\u00f3n indebida de una estructura NSSCertificate de un dominio de confianza."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\" target=\"_blank\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2014-1544",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-23T11:12:42.777",
"references": [
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/59591"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/59719"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/59760"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60083"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60486"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60621"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60628"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-2986"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-2996"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/68816"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1030617"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963150"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-05 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | traffic_director | 11.1.1.7.0 | |
| oracle | traffic_director | 11.1.1.9.0 | |
| oracle | opensso | 3.0-0.7 | |
| oracle | iplanet_web_proxy_server | 4.0 | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox | 38.0.1 | |
| mozilla | firefox | 38.0.5 | |
| mozilla | firefox | 38.1.0 | |
| mozilla | firefox | 38.1.1 | |
| mozilla | firefox | 38.2.0 | |
| mozilla | firefox | 38.2.1 | |
| mozilla | firefox | 38.3.0 | |
| oracle | glassfish_server | 2.1.1 | |
| mozilla | network_security_services | * | |
| mozilla | network_security_services | 3.20.0 | |
| oracle | iplanet_web_server | 7.0 | |
| mozilla | firefox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFBE568-3193-45BA-92D1-D5E47C09DDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:traffic_director:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB3B106-0E2D-4363-B768-4AC84F568F2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:opensso:3.0-0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9EB0C2-3654-46FD-81A0-6EF7BE87B58B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9E3545-A799-427A-8FE4-1E8231A7A284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39EA735D-20A8-4595-BFF8-7B1F5A32CDA2",
"versionEndIncluding": "3.19.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95762E75-6DEC-4B1C-87B4-A4EA1937B710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A972CA67-3909-4E9A-B8FC-7AAE5126528A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1",
"versionEndIncluding": "41.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos OCTET STRING manipulados."
}
],
"id": "CVE-2015-7182",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-11-05T05:59:06.963",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"source": "security@mozilla.org",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/77416"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"source": "security@mozilla.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.399753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2791-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2819-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}