Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.
5799f785190a4af15c846f0050efac6e2cdd60ccce19b768508224bebe1b50bbGentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.
74e12d781dc2269c43a0d713ed2d5e4560d44b59280cef7ff26ff92e33913982Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.
b4c76518fefda3f3206630aed636919cd1cea85e9a2b797b898a47ee35f3368fRed Hat Security Advisory 2013-1841-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.
c76e897d9f2a81cec855edb8f61e2351ed973a88ef968d67b716ebfdb37cf426Red Hat Security Advisory 2013-1840-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.
95d8a3b6db2ae0f619812a98c0870e19128c44ca16cdcb4246f0ace0d7251338Red Hat Security Advisory 2013-1829-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
f778761e056c7efa104a541475faedf8d662d6d1bb56cca7afb6b493634b3cdeRed Hat Security Advisory 2013-1791-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
597e41819c618a7a2036b4981f741cf922fcb4e227d620ed1ada7986295500c4Debian Linux Security Advisory 2800-1 - Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.
f80c6fc4a8ef5c52c6f5c13383f4c4b79773a88280a6478b8a2c3b12073ca5fcUbuntu Security Notice 2032-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
9aa88e3eda8943f778c88e0749132dc9a27173331f5b3c38f6fcee613a0b6504Mandriva Linux Security Advisory 2013-270 - Multiple security issues was identified and fixed in mozilla NSPR and NSS. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues were also addressed.
89688cb44f72d5c0610b28222e48ec4e53e14de8388bf3ba17ef5960b2f31817Mandriva Linux Security Advisory 2013-269 - Multiple security issues was identified and fixed in mozilla NSPR, NSS, and firefox. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues have also been addressed.
5ff6af659aa173d788e6b24e0437553faf1a51ae5b75cb0fcc5088c05d600b14Ubuntu Security Notice 2031-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
3684065bb99c7b7f886ea12ba63ebd3fae46ae85cf46667f49f7d182e3e6f644Ubuntu Security Notice 2030-1 - Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04.
88d0a7e54ad7c4580130985a1ea62ac214b9e93f97f5151289a1646fd2f8e8eb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed