rpm package
suse/mozilla-nss&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9187 | Cri | 9.8 | < 3.112.2-150000.3.132.1 | 3.112.2-150000.3.132.1 | Aug 19, 2025 | Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird | |
| CVE-2023-5388 | — | < 3.90.2-150000.3.108.1 | 3.90.2-150000.3.108.1 | Mar 19, 2024 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||
| CVE-2023-0767 | — | < 3.79.4-150000.3.93.1 | 3.79.4-150000.3.93.1 | Jun 2, 2023 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||
| CVE-2022-23491 | — | < 3.79.3-150000.3.90.1 | 3.79.3-150000.3.90.1 | Dec 7, 2022 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from | ||
| CVE-2022-3479 | — | < 3.79.3-150000.3.90.1 | 3.79.3-150000.3.90.1 | Oct 14, 2022 | A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. |
- affected < 3.112.2-150000.3.132.1fixed 3.112.2-150000.3.132.1
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird
- CVE-2023-5388Mar 19, 2024affected < 3.90.2-150000.3.108.1fixed 3.90.2-150000.3.108.1
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
- CVE-2023-0767Jun 2, 2023affected < 3.79.4-150000.3.93.1fixed 3.79.4-150000.3.93.1
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
- CVE-2022-23491Dec 7, 2022affected < 3.79.3-150000.3.90.1fixed 3.79.3-150000.3.90.1
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from
- CVE-2022-3479Oct 14, 2022affected < 3.79.3-150000.3.90.1fixed 3.79.3-150000.3.90.1
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.