Known Vulnerabilities for Network Security Services by Mozilla

Listed below are 10 of the newest known vulnerabilities associated with "Network Security Services" by "Mozilla".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-33726	Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8,...	Not Provided	2026-03-27	2026-03-27
CVE-2020-25648	A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to sen...	7.5 - HIGH	2020-10-20	2023-11-07
CVE-2019-17007	In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a de...	7.5 - HIGH	2020-10-22	2021-02-19
CVE-2019-17006	In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where th...	9.8 - CRITICAL	2020-10-22	2021-07-21
CVE-2018-18508	In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null der...	6.5 - MEDIUM	2020-10-22	2021-02-18
CVE-2018-12404	A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This...	5.9 - MEDIUM	2019-05-02	2021-02-12
CVE-2018-12384	When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero va...	5.9 - MEDIUM	2019-04-29	2020-08-24
CVE-2017-11695	Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows...	7.8 - HIGH	2017-12-27	2020-03-16
CVE-2017-7502	Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into...	7.5 - HIGH	2017-05-30	2023-02-12
CVE-2017-5462	A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not corre...	5.3 - MEDIUM	2018-06-11	2019-10-03

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Network Security Services	3.9.5	All	All	All
Application	Mozilla	Network Security Services	3.9.4	All	All	All
Application	Mozilla	Network Security Services	3.9.3	All	All	All
Application	Mozilla	Network Security Services	3.9.2	All	All	All
Application	Mozilla	Network Security Services	3.9.1	All	All	All
Application	Mozilla	Network Security Services	3.9	All	All	All
Application	Mozilla	Network Security Services	3.8	All	All	All
Application	Mozilla	Network Security Services	3.7.7	All	All	All
Application	Mozilla	Network Security Services	3.7.5	All	All	All
Application	Mozilla	Network Security Services	3.7.3	All	All	All
Application	Mozilla	Network Security Services	3.7.2	All	All	All
Application	Mozilla	Network Security Services	3.7.1	All	All	All
Application	Mozilla	Network Security Services	3.7	All	All	All
Application	Mozilla	Network Security Services	3.6.1	All	All	All
Application	Mozilla	Network Security Services	3.6	All	All	All
Application	Mozilla	Network Security Services	3.58	All	All	All
Application	Mozilla	Network Security Services	3.57	All	All	All
Application	Mozilla	Network Security Services	3.56	All	All	All
Application	Mozilla	Network Security Services	3.55	All	All	All
Application	Mozilla	Network Security Services	3.54	All	All	All

Results limited to 20 most recent known configurations