Mozilla Nss
8 CVEs affecting Mozilla Nss. Latest disclosed: 2023-12-12. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2009-3555 | Critical | 9.8 | 2009-11-09 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Serve… |
CVE-2016-1938 | Medium | 6.5 | 2016-01-31 | The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divide… |
CVE-2016-8635 | Medium | 5.3 | 2018-08-01 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this fla… |
CVE-2023-4421 | | 2023-12-12 | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding… | |
CVE-2021-43527 | | 2021-12-08 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. App… | |
CVE-2019-17007 | | 2020-10-22 | In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | |
CVE-2019-17006 | | 2020-10-22 | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library… | |
CVE-2018-18508 | | 2020-10-22 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of… |