rpm package
opensuse/mozilla-nss&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/mozilla-nss&distro=openSUSE%20Leap%2015.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31741 | — | < 3.79-150000.3.74.1 | 3.79-150000.3.74.1 | Dec 22, 2022 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||
| CVE-2022-1097 | — | < 3.68.3-150000.3.67.1 | 3.68.3-150000.3.67.1 | Dec 22, 2022 | NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | ||
| CVE-2021-43527 | — | < 3.68.1-3.61.1 | 3.68.1-3.61.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. |
- CVE-2022-31741Dec 22, 2022affected < 3.79-150000.3.74.1fixed 3.79-150000.3.74.1
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
- CVE-2022-1097Dec 22, 2022affected < 3.68.3-150000.3.67.1fixed 3.68.3-150000.3.67.1
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
- CVE-2021-43527Dec 8, 2021affected < 3.68.1-3.61.1fixed 3.68.1-3.61.1
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.