Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
BID:105218
Info
Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
| Bugtraq ID: | 105218 |
| Class: | Design Error |
| CVE: |
CVE-2018-12384 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2018 12:00AM |
| Updated: | Oct 30 2018 10:00AM |
| Credit: | Mozilla |
| Vulnerable: |
Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 Oracle VM Server for x86 3.4 Oracle VM Server for x86 3.3 Oracle Linux 7 Oracle Linux 6.0 Mozilla Network Security Services (NSS) 3.28.4 Mozilla Network Security Services (NSS) 3.28 Mozilla Network Security Services (NSS) 3.21.4 Mozilla Network Security Services (NSS) 3.21.1 Mozilla Network Security Services (NSS) 3.20.2 Mozilla Network Security Services (NSS) 3.20.1 Mozilla Network Security Services (NSS) 3.19.1 Mozilla Network Security Services (NSS) 3.17.3 Mozilla Network Security Services (NSS) 3.17.1 Mozilla Network Security Services (NSS) 3.15.4 Mozilla Network Security Services (NSS) 3.15.3 Mozilla Network Security Services (NSS) 3.15.2 Mozilla Network Security Services (NSS) 3.15.1 Mozilla Network Security Services (NSS) 3.14.5 Mozilla Network Security Services (NSS) 3.14.4 Mozilla Network Security Services (NSS) 3.12.10 Mozilla Network Security Services (NSS) 3.12.8 Mozilla Network Security Services (NSS) 3.12.5 Mozilla Network Security Services (NSS) 3.12.4 Mozilla Network Security Services (NSS) 3.12.3 Mozilla Network Security Services (NSS) 3.12.2 Mozilla Network Security Services (NSS) 3.12.1 Mozilla Network Security Services (NSS) 3.11.3 Mozilla Network Security Services (NSS) 3.9.2 Mozilla Network Security Services (NSS) 3.9 Mozilla Network Security Services (NSS) 3.8 Mozilla Network Security Services (NSS) 3.7.7 Mozilla Network Security Services (NSS) 3.7.5 Mozilla Network Security Services (NSS) 3.7.3 Mozilla Network Security Services (NSS) 3.7.2 Mozilla Network Security Services (NSS) 3.7.1 Mozilla Network Security Services (NSS) 3.7 Mozilla Network Security Services (NSS) 3.6.1 Mozilla Network Security Services (NSS) 3.6 Mozilla Network Security Services (NSS) 3.5 Mozilla Network Security Services (NSS) 3.4.2 Mozilla Network Security Services (NSS) 3.4.1 Mozilla Network Security Services (NSS) 3.4 Mozilla Network Security Services (NSS) 3.3.2 Mozilla Network Security Services (NSS) 3.3.1 Mozilla Network Security Services (NSS) 3.3 Mozilla Network Security Services (NSS) 3.2.1 Mozilla Network Security Services (NSS) 3.2 Mozilla Network Security Services (NSS) 3.36 Mozilla Network Security Services (NSS) 3.24.0 Mozilla Network Security Services (NSS) 3.23 Mozilla Network Security Services (NSS) 3.21 Mozilla Network Security Services (NSS) 3.20 Mozilla Network Security Services (NSS) 3.19.2.3 Mozilla Network Security Services (NSS) 3.17 Mozilla Network Security Services (NSS) 3.16.5 Mozilla Network Security Services (NSS) 3.16.2.1 Mozilla Network Security Services (NSS) 3.16 Mozilla Network Security Services (NSS) 3.15.5 Mozilla Network Security Services (NSS) 3.15.3.1 Mozilla Network Security Services (NSS) 3.15 Mozilla Network Security Services (NSS) 3.14.3 Mozilla Network Security Services (NSS) 3.14.2 Mozilla Network Security Services (NSS) 3.14.1 Mozilla Network Security Services (NSS) 3.14 Mozilla Network Security Services (NSS) 3.13.4 Mozilla Network Security Services (NSS) 3.13.3 Mozilla Network Security Services (NSS) 3.12.9 Mozilla Network Security Services (NSS) 3.12.7 Mozilla Network Security Services (NSS) 3.12.6 Mozilla Network Security Services (NSS) 3.12.3.2 Mozilla Network Security Services (NSS) 3.12.3.1 Mozilla Network Security Services (NSS) 3.12.11 Mozilla Network Security Services (NSS) 3.12 Mozilla Network Security Services (NSS) 3.11 Mozilla Network Security Services (NSS) 0 Mozilla Network Security Services 3.26.1 Mozilla Network Security Services 3.26 Mozilla Network Security Services 3.20.1 Mozilla Network Security Services 3.20 Mozilla Network Security Services 3.19.4 Mozilla Network Security Services 3.19.2.1 Mozilla Network Security Services 3.19.2.0 |
| Not Vulnerable: |
Mozilla Network Security Services (NSS) 3.36.5 Mozilla Network Security Services (NSS) 3.39 |
Discussion
Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
Mozilla Network Security Service is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks.
Mozilla Network Security Service is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks.
Exploit / POC
Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
References:
References:
- Bug 1622089 - (CVE-2018-12384) CVE-2018-12384 nss: ServerHello.random is all zer (Red Hat Bugzilla)
- CVE-2018-12384 (Red Hat Bugzilla)
- Network Security Services HomePage (Mozilla)
- NSS 3.36.5 release notes (Mozilla)
- NSS 3.39 release notes (Mozilla)
- Oracle Linux Bulletin - October 2018 (Oracle)
- Oracle VM Server for x86 Bulletin - October 2018 (Oracle)