VYPR

rpm package

suse/mozilla-nspr&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2

pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Vulnerabilities (17)

  • CVE-2020-12403 (May 27, 2021)
    affected < 4.32-3.20.1, fixed 4.32-3.20.1

    A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly en

  • CVE-2021-23981 (Mar 31, 2021)
    affected < 4.25.1-3.17.1, fixed 4.25.1-3.17.1

    A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thun

  • CVE-2021-23982 (Mar 31, 2021)
    affected < 4.25.1-3.17.1, fixed 4.25.1-3.17.1

    Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and T

  • CVE-2021-23984 (Mar 31, 2021)
    affected < 4.25.1-3.17.1, fixed 4.25.1-3.17.1

    A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing cred

  • CVE-2021-23987 (Mar 31, 2021)
    affected < 4.25.1-3.17.1, fixed 4.25.1-3.17.1

    Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vuln

  • CVE-2020-15969 (Nov 3, 2020)
    affected < 4.25.1-3.15.2, fixed 4.25.1-3.15.2

    Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6829 (Oct 28, 2020)
    affected < 4.32-3.20.1, fixed 4.32-3.20.1

    When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been com

  • CVE-2020-15683 (Oct 22, 2020)
    affected < 4.25.1-3.15.2, fixed 4.25.1-3.15.2

    Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vuln

  • CVE-2019-17006 (Oct 22, 2020)
    affected < 4.25-3.12.1, fixed 4.25-3.12.1

    In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

  • CVE-2020-25648 (Oct 20, 2020)
    affected < 4.32-3.20.1, fixed 4.32-3.20.1

    A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system ava

  • CVE-2020-12401 (Oct 8, 2020)
    affected < 4.32-3.20.1, fixed 4.32-3.20.1

    During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

  • CVE-2020-12400 (Oct 8, 2020)
    affected < 4.32-3.20.1, fixed 4.32-3.20.1

    When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

  • CVE-2020-15673 (Oct 1, 2020)
    affected < 4.25.1-3.15.2, fixed 4.25.1-3.15.2

    Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Fire

  • CVE-2020-15676 (Oct 1, 2020)
    affected < 4.25.1-3.15.2, fixed 4.25.1-3.15.2

    Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firef

  • CVE-2020-15677 (Oct 1, 2020)
    affected < 4.25.1-3.15.2, fixed 4.25.1-3.15.2

    By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerabi

  • CVE-2020-15678 (Oct 1, 2020)
    affected < 4.25.1-3.15.2, fixed 4.25.1-3.15.2

    When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability

  • CVE-2020-12399 (Jul 9, 2020)
    affected < 4.25-3.12.1, fixed 4.25-3.12.1

    NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.