Ubuntu Security Notice 2819-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. An attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
a311c779f9fd27a3a7bb5fd804f6f177902aee369fc6236ab5b3d629b731ef65
Debian Linux Security Advisory 3406-1 - It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.
930894e681573a82ac8191e73c85435a31821c44a824377eb46afcc3622b98bf
Red Hat Security Advisory 2015-2068-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.
fe60a25cea587409eb3e69819ff10f018734fe33d7f5c69935f661f1071aa61d
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
9b0befe56f80c153f34a19aac88a216bf782f29de0d132c69ac59ecc057a73b1
Debian Linux Security Advisory 3393-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
72e5c1890f7f8850f396383ff3d6fc35d3f3f513b99e26e855a9949cd694801a
Ubuntu Security Notice 2785-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
dbba07af115f849b37a270b8478366a007822e4f6fb2d26a2d111c4d90b83109
Ubuntu Security Notice 2790-1 - Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.
9440bdce85531a9cb40fcc653abe53b8f45ea9e011561aee62548769b2b5038f
Red Hat Security Advisory 2015-1981-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.
f218558d94300f2eeece5fe28759616cde41313ce2bbebe7fd77469b034c87e4
Red Hat Security Advisory 2015-1980-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.
8cfcb360352e3c75f30ec51f7bbd0be2d86035b626fb9ea84115b65545e233f8