Executive Summary

Summary
Title nss and nspr security, bug fix, and enhancement update
Informations
Name RHSA-2014:0917 First vendor Publication 2014-07-22
Vendor RedHat Last vendor Modification 2014-07-22
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0917.html

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-362 Race Condition
25 % CWE-326 Inadequate Encryption Strength
25 % CWE-310 Cryptographic Issues
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22401
 
Oval ID: oval:org.mitre.oval:def:22401
Title: USN-2088-1 -- nss vulnerability
Description: NSS could be made to expose sensitive information over the network.
Family: unix Class: patch
Reference(s): USN-2088-1
CVE-2013-1740
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22486
 
Oval ID: oval:org.mitre.oval:def:22486
Title: DSA-2858-1 iceweasel - several
Description: Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library.
Family: unix Class: patch
Reference(s): DSA-2858-1
CVE-2014-1477
CVE-2014-1479
CVE-2014-1481
CVE-2014-1482
CVE-2014-1486
CVE-2014-1487
CVE-2014-1490
CVE-2014-1491
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23996
 
Oval ID: oval:org.mitre.oval:def:23996
Title: Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24 does not properly restrict public values in Diffie-Hellman key exchanges
Description: Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1491
Version: 12
Platform(s): Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Firefox ESR
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24194
 
Oval ID: oval:org.mitre.oval:def:24194
Title: Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket
Description: Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1490
Version: 12
Platform(s): Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Firefox ESR
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24484
 
Oval ID: oval:org.mitre.oval:def:24484
Title: USN-2159-1 -- nss vulnerability
Description: NSS could be made to expose sensitive information over the network.
Family: unix Class: patch
Reference(s): USN-2159-1
CVE-2014-1492
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24541
 
Oval ID: oval:org.mitre.oval:def:24541
Title: Incorrect IDNA domain name matching for wildcard certificates
Description: The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1492
Version: 11
Platform(s): Microsoft Windows Server 2012 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24891
 
Oval ID: oval:org.mitre.oval:def:24891
Title: DSA-2960-1 icedove - security update
Description: Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
Family: unix Class: patch
Reference(s): DSA-2960-1
CVE-2014-1533
CVE-2014-1538
CVE-2014-1541
CVE-2014-1545
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24914
 
Oval ID: oval:org.mitre.oval:def:24914
Title: Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
Description: Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1544
Version: 7
Platform(s): Microsoft Windows Server 2012 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24988
 
Oval ID: oval:org.mitre.oval:def:24988
Title: DSA-2962-1 nspr - security update
Description: Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2962-1
CVE-2014-1545
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): nspr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25038
 
Oval ID: oval:org.mitre.oval:def:25038
Title: DSA-2955-1 iceweasel - security update
Description: Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
Family: unix Class: patch
Reference(s): DSA-2955-1
CVE-2014-1533
CVE-2014-1538
CVE-2014-1541
CVE-2014-1545
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25053
 
Oval ID: oval:org.mitre.oval:def:25053
Title: USN-2265-1 -- nspr vulnerability
Description: NSPR could be made to crash or run programs if it received specially crafted input.
Family: unix Class: patch
Reference(s): USN-2265-1
CVE-2014-1545
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): nspr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25116
 
Oval ID: oval:org.mitre.oval:def:25116
Title: RHSA-2014:0917: nss and nspr security, bug fix, and enhancement update (Critical)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0917-00
CESA-2014:0917
CVE-2013-1740
CVE-2014-1490
CVE-2014-1491
CVE-2014-1492
CVE-2014-1544
CVE-2014-1545
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): nspr
nss
nss-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25335
 
Oval ID: oval:org.mitre.oval:def:25335
Title: RHSA-2014:0916: nss and nspr security update (Critical)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) Red Hat would like to thank the Mozilla project for reporting CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters. Users of NSS and NSPR are advised to upgrade to these updated packages, which correct this issue. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0916-00
CESA-2014:0916
CVE-2014-1544
Version: 3
Platform(s): Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 7
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25341
 
Oval ID: oval:org.mitre.oval:def:25341
Title: SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
Description: This Mozilla Firefox update provides several security and non-security fixes. Mozilla Firefox has been updated to the 24.5.0esr version, which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to version 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0665-2
CVE-2014-1518
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
CVE-2014-1492
Version: 5
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25349
 
Oval ID: oval:org.mitre.oval:def:25349
Title: SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
Description: This Mozilla Firefox update provides several security and non-security fixes. MozillaFirefox has been updated to 24.5.0esr, which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0727-1
CVE-2014-1518
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
CVE-2014-1492
Version: 5
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25411
 
Oval ID: oval:org.mitre.oval:def:25411
Title: SUSE-SU-2014:0824-3 -- Security update for MozillaFirefox
Description: MozillaFirefox was updated to version 24.6.0 to fix six security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0824-3
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1538
CVE-2014-1541
CVE-2014-1545
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
Product(s): MozillaFirefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25501
 
Oval ID: oval:org.mitre.oval:def:25501
Title: SUSE-SU-2014:0665-1 -- Security update for Mozilla Firefox
Description: This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues. Mozilla Firefox has been updated to 24.5.0esr which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0665-1
CVE-2014-1518
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
CVE-2014-1492
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26119
 
Oval ID: oval:org.mitre.oval:def:26119
Title: ELSA-2014-1246 -- nss and nspr security, bug fix, and enhancement update (Moderate)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs: * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as "grep", could not handle failures properly. This update improves error detection in the specification file, and "grep" and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Family: unix Class: patch
Reference(s): ELSA-2014-1246
CVE-2013-1740
CVE-2014-1490
CVE-2014-1491
CVE-2014-1492
CVE-2014-1545
Version: 3
Platform(s): Oracle Linux 5
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26137
 
Oval ID: oval:org.mitre.oval:def:26137
Title: SUSE-SU-2014:0824-2 -- Security update for MozillaFirefox
Description: MozillaFirefox was updated to version 24.6.0 to fix six security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0824-2
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1538
CVE-2014-1541
CVE-2014-1545
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): MozillaFirefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26138
 
Oval ID: oval:org.mitre.oval:def:26138
Title: SUSE-SU-2014:0824-1 -- Security update for MozillaFirefox
Description: MozillaFirefox was updated to version 24.6.0 to fix six security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0824-1
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1538
CVE-2014-1541
CVE-2014-1545
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
Product(s): MozillaFirefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26141
 
Oval ID: oval:org.mitre.oval:def:26141
Title: DSA-2994-1 -- nss - security update
Description: Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.
Family: unix Class: patch
Reference(s): DSA-2994-1
CVE-2013-1741
CVE-2013-5606
CVE-2014-1491
CVE-2014-1492
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26168
 
Oval ID: oval:org.mitre.oval:def:26168
Title: RHSA-2014:1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (Low)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards.
Family: unix Class: patch
Reference(s): RHSA-2014:1073-00
CESA-2014:1073
CVE-2014-1492
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): nss
nss-softokn
nss-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26268
 
Oval ID: oval:org.mitre.oval:def:26268
Title: USN-2343-1 -- nss vulnerability
Description: NSS could be made to crash or run programs as your login if it processed a specially crafted certificate.
Family: unix Class: patch
Reference(s): USN-2343-1
CVE-2014-1544
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26284
 
Oval ID: oval:org.mitre.oval:def:26284
Title: SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox
Description: Mozilla Firefox has been updated to 24.6.0 to fix the security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0905-1
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1538
CVE-2014-1541
CVE-2014-1545
Version: 5
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26451
 
Oval ID: oval:org.mitre.oval:def:26451
Title: RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update (Moderate)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs: * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as "grep", could not handle failures properly. This update improves error detection in the specification file, and "grep" and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Family: unix Class: patch
Reference(s): RHSA-2014:1246-00
CVE-2013-1740
CVE-2014-1490
CVE-2014-1491
CVE-2014-1492
CVE-2014-1545
CESA-2014:1246
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26703
 
Oval ID: oval:org.mitre.oval:def:26703
Title: RHSA-2014:1047: nss nad nspr bug fix and enhancement update (Moderate)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Family: unix Class: patch
Reference(s): RHSA-2014:1047-00
CVE-2013-1740
CVE-2014-1490
CVE-2014-1491
CVE-2014-1492
CVE-2014-1545
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27117
 
Oval ID: oval:org.mitre.oval:def:27117
Title: ELSA-2014-0917 -- nss and nspr security, bug fix, and enhancement update (critical)
Description: nspr [4.10.6-1] - Rebase to nspr-4.10.6 - Resolves: rhbz#1112135 nss [3.16.1-4.0.1.el6_5] - Added nss-vendor.patch to change vendor [3.16.1-4] - Update some patches on account of the rebase - Resolves: Bug 1099619 [3.16.1-3] - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 [3.16.1-2] - Remove two unused patches and apply a needed one that was missed - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 [3.16.1-1] - Update to nss-3.16.1 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 nss-util [3.15.6-1] - Update to nss-3.16.1 - Resolves: rhbz#1112136
Family: unix Class: patch
Reference(s): ELSA-2014-0917
CVE-2013-1740
CVE-2014-1490
CVE-2014-1491
CVE-2014-1492
CVE-2014-1544
CVE-2014-1545
Version: 3
Platform(s): Oracle Linux 6
Product(s): nspr
nss
nss-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27251
 
Oval ID: oval:org.mitre.oval:def:27251
Title: ELSA-2014-1073 -- nss, nss-util, nss-softokn security, bug fix, and enhancement update (low)
Description: nss [3.16.2-2.0.1.el7_0] - Added nss-vendor.patch to change vendor
Family: unix Class: patch
Reference(s): ELSA-2014-1073
CVE-2014-1492
Version: 3
Platform(s): Oracle Linux 7
Product(s): nss
nss-softokn
nss-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27274
 
Oval ID: oval:org.mitre.oval:def:27274
Title: ELSA-2014-0916 -- nss and nspr security update (critical)
Description: nspr [4.10.2-4] - Rebase to nspr-4.10.6 - Resolves: Bug 1116199 [4.10.2-3] - Retagging - Resolves: rhbz#1032466 nss [3.15.3-7] - Remove an unused patch - Related: Bug 1116199 [3.15.3-6] - Fix race-condition in certificate validation - Resolves: Bug 1116199 [3.15.3-5] - Remove two unused patches - Resolves: Bug 1042683 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)
Family: unix Class: patch
Reference(s): ELSA-2014-0916
CVE-2014-1544
Version: 3
Platform(s): Oracle Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27684
 
Oval ID: oval:org.mitre.oval:def:27684
Title: DSA-3071-1 -- nss security update
Description: In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
Family: unix Class: patch
Reference(s): DSA-3071-1
CVE-2014-1544
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): nss
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 360
Application 40
Application 44
Application 71
Application 207
Application 252
Application 7
Application 1
Os 3
Os 2
Os 2
Os 3
Os 1
Os 1
Os 1
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-07-24 IAVM : 2014-A-0113 - Multiple Vulnerabilities in Mozilla Products
Severity : Category I - VMSKEY : V0053309
2014-06-12 IAVM : 2014-A-0082 - Multiple Vulnerabilities in Mozilla Products
Severity : Category I - VMSKEY : V0052487
2014-02-06 IAVM : 2014-A-0021 - Multiple Vulnerabilities in Mozilla Products
Severity : Category I - VMSKEY : V0043921

Nessus® Vulnerability Scanner

Date Description
2016-05-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16716.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-529.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-530.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-531.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-532.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-533.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0665-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0665-2.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0727-1.nasl - Type : ACT_GATHER_INFO
2015-04-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-23.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-32.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-89.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-059.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_firefox_20141216.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3071.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0915.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0979.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1165.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote host is affected by multiple vulnerabilities.
File : oracle_opensso_agent_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-384.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-385.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1246.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140916_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-09-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1246.nasl - Type : ACT_GATHER_INFO
2014-09-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1246.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2343-1.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1073.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1073.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1073.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-487.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2996.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_firefox-201407-140729.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_firefox-201407-140730.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2994.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-476.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote host is running software with multiple vulnerabilities.
File : oracle_traffic_director_july_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-139.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote openSUSE host is missing a security update.
File : suse_12_3_openSUSE-2014--140725.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote openSUSE host is missing a security update.
File : suse_13_1_openSUSE-2014--140725.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2986.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_978b0f76122d11e4afe3bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_24_7_esr.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_31.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Mac OS X host contains a mail client that is affected by multiple ...
File : macosx_thunderbird_24_7.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Mac OS X host contains a mail client that is affected by multiple ...
File : macosx_thunderbird_31_0.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_24_7_esr.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_31.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_24_7.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_31_0.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0916.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0916.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0917.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0917.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0916.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0917.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140722_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140722_nss_and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2295-1.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2296-1.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : The remote web server is affected by multiple vulnerabilities.
File : glassfish_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : A web proxy server on the remote host is affected by multiple vulnerabilities.
File : iplanet_web_proxy_4_0_24.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : The remote web server is affected by multiple vulnerabilities.
File : sun_java_web_server_7_0_20.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2265-1.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-447.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-448.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-432.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_Firefox-2014-06-140612.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2962.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2960.nasl - Type : ACT_GATHER_INFO
2014-06-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-125.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-119.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-336.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-354.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2955.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_888a0262f0d911e3ba0cb4b52fce4ce8.nasl - Type : ACT_GATHER_INFO
2014-05-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-201404-140501.nasl - Type : ACT_GATHER_INFO
2014-05-03 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-5829.nasl - Type : ACT_GATHER_INFO
2014-04-30 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_985d4d6ccfbd11e3a003b4b52fce4ce8.nasl - Type : ACT_GATHER_INFO
2014-04-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2185-1.nasl - Type : ACT_GATHER_INFO
2014-04-29 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_29.nasl - Type : ACT_GATHER_INFO
2014-04-29 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_29.nasl - Type : ACT_GATHER_INFO
2014-04-29 Name : The remote Windows host contains a web browser that is potentially affected b...
File : seamonkey_2_26.nasl - Type : ACT_GATHER_INFO
2014-04-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2159-1.nasl - Type : ACT_GATHER_INFO
2014-03-31 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-086-04.nasl - Type : ACT_GATHER_INFO
2014-03-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2083.nasl - Type : ACT_GATHER_INFO
2014-02-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2102-2.nasl - Type : ACT_GATHER_INFO
2014-02-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2119-1.nasl - Type : ACT_GATHER_INFO
2014-02-18 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_firefox-201402-140207.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2858.nasl - Type : ACT_GATHER_INFO
2014-02-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2102-1.nasl - Type : ACT_GATHER_INFO
2014-02-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2041.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1753f0ff8dd511e39b45b4b52fce4ce8.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_24_3_esr.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_27.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_24_3.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_24_3_esr.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_27.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_24_3.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Windows host contains a web browser that is potentially affected b...
File : seamonkey_2_24.nasl - Type : ACT_GATHER_INFO
2014-02-04 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-1100.nasl - Type : ACT_GATHER_INFO
2014-01-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-028-02.nasl - Type : ACT_GATHER_INFO
2014-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2088-1.nasl - Type : ACT_GATHER_INFO
2014-01-21 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-1120.nasl - Type : ACT_GATHER_INFO
2014-01-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-012.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2016-01-22 09:26:29
  • Multiple Updates
2014-07-24 13:25:35
  • Multiple Updates
2014-07-23 17:26:33
  • Multiple Updates
2014-07-23 00:20:56
  • First insertion