rpm package
suse/mozilla-nss&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5388 | — | < 3.90.2-150000.3.108.1 | 3.90.2-150000.3.108.1 | Mar 19, 2024 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||
| CVE-2023-0767 | — | < 3.79.4-150000.3.93.1 | 3.79.4-150000.3.93.1 | Jun 2, 2023 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||
| CVE-2022-31741 | — | < 3.79-150000.3.74.1 | 3.79-150000.3.74.1 | Dec 22, 2022 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||
| CVE-2022-1097 | — | < 3.68.3-150000.3.67.1 | 3.68.3-150000.3.67.1 | Dec 22, 2022 | NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | ||
| CVE-2022-23491 | — | < 3.79.3-150000.3.90.1 | 3.79.3-150000.3.90.1 | Dec 7, 2022 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from | ||
| CVE-2022-3479 | — | < 3.79.3-150000.3.90.1 | 3.79.3-150000.3.90.1 | Oct 14, 2022 | A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. |
- CVE-2023-5388Mar 19, 2024affected < 3.90.2-150000.3.108.1fixed 3.90.2-150000.3.108.1
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
- CVE-2023-0767Jun 2, 2023affected < 3.79.4-150000.3.93.1fixed 3.79.4-150000.3.93.1
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
- CVE-2022-31741Dec 22, 2022affected < 3.79-150000.3.74.1fixed 3.79-150000.3.74.1
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
- CVE-2022-1097Dec 22, 2022affected < 3.68.3-150000.3.67.1fixed 3.68.3-150000.3.67.1
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
- CVE-2022-23491Dec 7, 2022affected < 3.79.3-150000.3.90.1fixed 3.79.3-150000.3.90.1
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from
- CVE-2022-3479Oct 14, 2022affected < 3.79.3-150000.3.90.1fixed 3.79.3-150000.3.90.1
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.