rpm package
opensuse/mozilla-nss&distro=openSUSE Leap Micro 5.3
pkg:rpm/opensuse/mozilla-nss&distro=openSUSE%20Leap%20Micro%205.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5388 | — | < 3.90.2-150400.3.39.1 | 3.90.2-150400.3.39.1 | Mar 19, 2024 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||
| CVE-2023-0767 | — | < 3.79.4-150400.3.26.1 | 3.79.4-150400.3.26.1 | Jun 2, 2023 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||
| CVE-2022-23491 | — | < 3.79.3-150400.3.23.1 | 3.79.3-150400.3.23.1 | Dec 7, 2022 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from | ||
| CVE-2022-3479 | — | < 3.79.3-150400.3.23.1 | 3.79.3-150400.3.23.1 | Oct 14, 2022 | A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. |
- CVE-2023-5388Mar 19, 2024affected < 3.90.2-150400.3.39.1fixed 3.90.2-150400.3.39.1
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
- CVE-2023-0767Jun 2, 2023affected < 3.79.4-150400.3.26.1fixed 3.79.4-150400.3.26.1
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
- CVE-2022-23491Dec 7, 2022affected < 3.79.3-150400.3.23.1fixed 3.79.3-150400.3.23.1
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from
- CVE-2022-3479Oct 14, 2022affected < 3.79.3-150400.3.23.1fixed 3.79.3-150400.3.23.1
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.