Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.
36670a2c92a10eed9caf9afd9dd5f818e184e427c1eddb4da037e0aebc712907
Apple Security Advisory 2015-06-30-1 - iOS 8.4 is now available and addresses denial of service, an incorrect issued certificate, arbitrary code execution, and various other flaws.
aa64c9a10b61a44ca9cbe32378688da43c9948d31f37b09253079d2bdffc2fbf
Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.
5799f785190a4af15c846f0050efac6e2cdd60ccce19b768508224bebe1b50bb
Debian Linux Security Advisory 2994-1 - Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.
528f4677ccb5d5cb94823d6222c7de358ac0c637069400ec308261d6e1822ddb
Gentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.
74e12d781dc2269c43a0d713ed2d5e4560d44b59280cef7ff26ff92e33913982
Red Hat Security Advisory 2013-1829-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
f778761e056c7efa104a541475faedf8d662d6d1bb56cca7afb6b493634b3cde
Red Hat Security Advisory 2013-1791-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
597e41819c618a7a2036b4981f741cf922fcb4e227d620ed1ada7986295500c4
Ubuntu Security Notice 2032-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
9aa88e3eda8943f778c88e0749132dc9a27173331f5b3c38f6fcee613a0b6504
Mandriva Linux Security Advisory 2013-270 - Multiple security issues was identified and fixed in mozilla NSPR and NSS. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues were also addressed.
89688cb44f72d5c0610b28222e48ec4e53e14de8388bf3ba17ef5960b2f31817
Mandriva Linux Security Advisory 2013-269 - Multiple security issues was identified and fixed in mozilla NSPR, NSS, and firefox. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues have also been addressed.
5ff6af659aa173d788e6b24e0437553faf1a51ae5b75cb0fcc5088c05d600b14
Ubuntu Security Notice 2031-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
3684065bb99c7b7f886ea12ba63ebd3fae46ae85cf46667f49f7d182e3e6f644
Ubuntu Security Notice 2030-1 - Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04.
88d0a7e54ad7c4580130985a1ea62ac214b9e93f97f5151289a1646fd2f8e8eb