Known Vulnerabilities for Network Security Services by Mozilla

Listed below are 10 of the newest known vulnerabilities associated with the software "Network Security Services" by "Mozilla".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-43527 NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-enco... Not Provided 2021-12-08 2021-12-29
CVE-2020-25648 A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to sen... 7.5 - HIGH 2020-10-20 2021-12-07
CVE-2019-17007 In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a de... 7.5 - HIGH 2020-10-22 2021-02-19
CVE-2019-17006 In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where th... 9.8 - CRITICAL 2020-10-22 2021-07-21
CVE-2018-18508 In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null der... 6.5 - MEDIUM 2020-10-22 2021-02-18
CVE-2018-12404 A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This... 5.9 - MEDIUM 2019-05-02 2021-02-12
CVE-2018-12384 When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero va... 5.9 - MEDIUM 2019-04-29 2020-08-24
CVE-2017-11695 Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows... 7.8 - HIGH 2017-12-27 2020-03-16
CVE-2017-7502 Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into... 7.5 - HIGH 2017-05-30 2018-01-05
CVE-2017-5462 A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not corre... 5.3 - MEDIUM 2018-06-11 2019-10-03

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMozillaNetwork Security Services3.9.5AllAllAll
ApplicationMozillaNetwork Security Services3.9.4AllAllAll
ApplicationMozillaNetwork Security Services3.9.3AllAllAll
ApplicationMozillaNetwork Security Services3.9.2AllAllAll
ApplicationMozillaNetwork Security Services3.9.1AllAllAll
ApplicationMozillaNetwork Security Services3.9AllAllAll
ApplicationMozillaNetwork Security Services3.8AllAllAll
ApplicationMozillaNetwork Security Services3.7.7AllAllAll
ApplicationMozillaNetwork Security Services3.7.5AllAllAll
ApplicationMozillaNetwork Security Services3.7.3AllAllAll
ApplicationMozillaNetwork Security Services3.7.2AllAllAll
ApplicationMozillaNetwork Security Services3.7.1AllAllAll
ApplicationMozillaNetwork Security Services3.7AllAllAll
ApplicationMozillaNetwork Security Services3.6.1AllAllAll
ApplicationMozillaNetwork Security Services3.6AllAllAll
ApplicationMozillaNetwork Security Services3.58AllAllAll
ApplicationMozillaNetwork Security Services3.57AllAllAll
ApplicationMozillaNetwork Security Services3.56AllAllAll
ApplicationMozillaNetwork Security Services3.55AllAllAll
ApplicationMozillaNetwork Security Services3.54AllAllAll

Popular searches for Network Security Services

Network Security Services - Mozilla | MDN

www.mozilla.org/projects/security/pki/nss

Network Security Services - Mozilla | MDN Network Security Services S Q O NSS is a set of libraries designed to support cross-platform development of security Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS www.mozilla.org/projects/security/pki/nss/index.html www.mozilla.org/projects/security/pki/nss/tools developer.mozilla.org/en-US/docs/NSS www.mozilla.org/projects/security/pki/nss/ref/ssl www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt www.mozilla.org/projects/security/pki/nss/tools/certutil.html developer.mozilla.org/en/NSS Network Security Services Transport Layer Security PKCS Mozilla PKCS 11 Computer security Library (computing) Public key certificate Return receipt Cross-platform software Client–server model X.509 S/MIME Netscape Portable Runtime FAQ PKCS 12 Backup Exec Application programming interface Application software Information

Overview of NSS - Mozilla | MDN

developer.mozilla.org/en-US/docs/Overview_of_NSS

Overview of NSS - Mozilla | MDN B @ >If you want to add support for SSL, S/MIME, or other Internet security 0 . , standards to your application, you can use Network Security Services ! NSS to implement all your security features. NSS provides a complete open-source implementation of the crypto libraries used by AOL, Red Hat, Google, and other companies in a variety of products, including the following:

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Overview Network Security Services Transport Layer Security RSA (cryptosystem) Mozilla Application software PKCS Library (computing) S/MIME Open-source software Return receipt Red Hat Internet security AOL Public-key cryptography Google Implementation Netscape Portable Runtime Cryptography Request for Comments Encryption

© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report