This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mozilla | First view | 2009-11-09 |
| Product | Nss | Last view | 2021-12-08 |
| Version | 3.7.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:mozilla:nss | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2021-12-08 | CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
| 9.1 | 2021-05-27 | CVE-2020-12403 | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. |
| 7.5 | 2019-11-15 | CVE-2016-5285 | A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. |
| 5.8 | 2009-11-09 | CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-787 | Out-of-bounds Write |
| 25% (1) | CWE-476 | NULL Pointer Dereference |
| 25% (1) | CWE-295 | Certificate Issues |
| 25% (1) | CWE-125 | Out-of-bounds Read |
Open Source Vulnerability Database (OSVDB)
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 77832 | Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint... |
| 75622 | Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 74335 | Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 71961 | Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ... |
| 71951 | Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes... |
| 70620 | mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 70055 | Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi... |
| 69561 | IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex... |
| 69032 | Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext... |
| 67029 | HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla... |
| 66315 | HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 65202 | OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 64725 | HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte... |
| 64499 | ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte... |
| 64040 | IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62877 | SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 62536 | Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62273 | Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62210 | Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In... |
| 62135 | Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D... |
| 62064 | IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 61929 | IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61785 | Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D... |
| 61784 | Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61718 | IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
ExploitDB Exploits
| id | Description |
|---|---|
| 10579 | TLS Renegotiation Vulnerability PoC Exploit |
OpenVAS Exploits
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS) File : nvt/glsa_201206_18.nasl |
| 2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-22 (nginx) File : nvt/glsa_201203_22.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-05 (gnutls) File : nvt/glsa_201110_05.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos3 i386 File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos5 i386 File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1580 centos4 i386 File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0162 centos5 i386 File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl097a CESA-2010:0164 centos5 i386 File : nvt/gb_CESA-2010_0164_openssl097a_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for nspr CESA-2010:0165 centos5 i386 File : nvt/gb_CESA-2010_0165_nspr_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0339 centos5 i386 File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201006_18.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
| 2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
| 2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
| 2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for proftpd FEDORA-2010-17220 File : nvt/gb_fedora_2010_17220_proftpd_fc12.nasl |
| 2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
| 2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
| 2010-09-27 | Name : Ubuntu Update for openssl vulnerability USN-990-1 File : nvt/gb_ubuntu_USN_990_1.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2012-B-0048 | Multiple Vulnerabilities in HP Systems Insight Manager Severity: Category I - VMSKEY: V0032178 |
| 2012-B-0038 | Multiple Vulnerabilities in HP Onboard Administrator Severity: Category I - VMSKEY: V0031972 |
| 2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
Nessus® Vulnerability Scanner
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2018-04-03 | Name: The remote web server may allow remote code execution. File: iis_7_pci.nasl - Type: ACT_GATHER_INFO |
| 2018-03-09 | Name: The remote web server is affected by multiple vulnerabilities. File: nginx_0_7_64.nasl - Type: ACT_GATHER_INFO |
| 2017-11-17 | Name: The remote host is affected by a MITM vulnerability. File: fortios_FG-IR-17-137.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1084.nasl - Type: ACT_GATHER_INFO |
| 2017-01-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO |
| 2017-01-05 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3163-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-16 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-774.nasl - Type: ACT_GATHER_INFO |
| 2016-12-14 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3105-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3080-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-06 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3014-1.nasl - Type: ACT_GATHER_INFO |
| 2016-11-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20161116_nss_and_nss_util_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2016-11-21 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-2779.nasl - Type: ACT_GATHER_INFO |
| 2016-11-17 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-2779.nasl - Type: ACT_GATHER_INFO |
| 2016-11-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2779.nasl - Type: ACT_GATHER_INFO |
| 2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0019_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-01-25 | Name: The remote Debian host is missing a security update. File: debian_DLA-400.nasl - Type: ACT_GATHER_INFO |
| 2015-05-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3253.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2014-0007.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2014-0008.nasl - Type: ACT_GATHER_INFO |
| 2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL10737.nasl - Type: ACT_GATHER_INFO |
| 2014-06-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_compat-openssl097g-110721.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_gnutls-101025.nasl - Type: ACT_GATHER_INFO |
