rpm package
suse/mozilla-nss&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7805 | — | < 3.29.5-58.3.1 | 3.29.5-58.3.1 | Jun 11, 2018 | During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav | ||
| CVE-2017-7793 | — | < 3.29.5-58.3.1 | 3.29.5-58.3.1 | Jun 11, 2018 | A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||
| CVE-2017-16541 | Med | 6.5 | < 3.36.4-58.15.3 | 3.36.4-58.15.3 | Nov 4, 2017 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. |
- CVE-2017-7805Jun 11, 2018affected < 3.29.5-58.3.1fixed 3.29.5-58.3.1
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav
- CVE-2017-7793Jun 11, 2018affected < 3.29.5-58.3.1fixed 3.29.5-58.3.1
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
- affected < 3.36.4-58.15.3fixed 3.36.4-58.15.3
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Page 3 of 3