rpm package
suse/mozilla-nss&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2781 | Cri | 9.8 | < 3.112.3-150400.3.63.1 | 3.112.3-150400.3.63.1 | Feb 24, 2026 | Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35. | |
| CVE-2025-9187 | Cri | 9.8 | < 3.112.2-150400.3.60.1 | 3.112.2-150400.3.60.1 | Aug 19, 2025 | Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird | |
| CVE-2023-5388 | — | < 3.101.2-150400.3.48.1 | 3.101.2-150400.3.48.1 | Mar 19, 2024 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. |
- affected < 3.112.3-150400.3.63.1fixed 3.112.3-150400.3.63.1
Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.
- affected < 3.112.2-150400.3.60.1fixed 3.112.2-150400.3.60.1
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird
- CVE-2023-5388Mar 19, 2024affected < 3.101.2-150400.3.48.1fixed 3.101.2-150400.3.48.1
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.