rpm package
suse/mozilla-nspr&distro=SUSE Linux Enterprise Module for Basesystem 15 SP3
pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31741 | — | < 4.34-150000.3.23.1 | 4.34-150000.3.23.1 | Dec 22, 2022 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||
| CVE-2020-12403 | — | < 4.32-3.20.1 | 4.32-3.20.1 | May 27, 2021 | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly en | ||
| CVE-2020-6829 | — | < 4.32-3.20.1 | 4.32-3.20.1 | Oct 28, 2020 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been com | ||
| CVE-2020-25648 | — | < 4.32-3.20.1 | 4.32-3.20.1 | Oct 20, 2020 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system ava | ||
| CVE-2020-12401 | — | < 4.32-3.20.1 | 4.32-3.20.1 | Oct 8, 2020 | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | ||
| CVE-2020-12400 | — | < 4.32-3.20.1 | 4.32-3.20.1 | Oct 8, 2020 | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
- CVE-2022-31741Dec 22, 2022affected < 4.34-150000.3.23.1fixed 4.34-150000.3.23.1
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
- CVE-2020-12403May 27, 2021affected < 4.32-3.20.1fixed 4.32-3.20.1
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly en
- CVE-2020-6829Oct 28, 2020affected < 4.32-3.20.1fixed 4.32-3.20.1
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been com
- CVE-2020-25648Oct 20, 2020affected < 4.32-3.20.1fixed 4.32-3.20.1
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system ava
- CVE-2020-12401Oct 8, 2020affected < 4.32-3.20.1fixed 4.32-3.20.1
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
- CVE-2020-12400Oct 8, 2020affected < 4.32-3.20.1fixed 4.32-3.20.1
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.