Mozilla Nss

Recent Mozilla Nss Security Advisories

Advisory      Title                                                                          Published
mfsa2022-08   Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path   February 23, 2022
mfsa2021-51   Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures           December 1, 2021
mfsa2016-61   Network Security Services (NSS) vulnerabilities                               June 7, 2016
mfsa2016-36   Use-after-free during processing of DER encoded keys in NSS                   March 8, 2016
mfsa2016-35   Buffer overflow during ASN.1 decoding in NSS                                  March 8, 2016
mfsa2016-15   Use-after-free in NSS during SSL connections in low memory                    January 26, 2016
mfsa2016-07   Errors in mp_div and mp_exptmod cryptographic functions in NSS                January 26, 2016
mfsa2015-133  NSS and NSPR memory corruption issues                                         November 3, 2015
mfsa2015-71   NSS incorrectly permits skipping of ServerKeyExchange                         July 2, 2015
mfsa2015-70   NSS accepts export-length DHE keys with regular DHE cipher suites             July 2, 2015

By the Year

In 2024 there have been 0 vulnerabilities in Mozilla Nss. Last year Nss had 1 security vulnerability published. Right now, Nss is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year   Vulnerabilities   Average Score
2024   0                 0.00
2023   1                 6.50
2022   0                 0.00
2021   2                 9.45
2020   0                 0.00
2019   0                 0.00
2018   0                 0.00

It may take a day or so for new Nss vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Nss Security Vulnerabilities

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks

CVE-2023-4421 6.5 - Medium - December 12, 2023

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side-channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message when invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.

Side Channel Attack

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures

CVE-2021-43527 9.8 - Critical - December 08, 2021

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Memory Corruption

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55

CVE-2020-12403 9.1 - Critical - May 27, 2021

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Out-of-bounds Read

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request

CVE-2009-3555 - November 09, 2009

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Improper Certificate Validation
