Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.
5799f785190a4af15c846f0050efac6e2cdd60ccce19b768508224bebe1b50bbGentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.
74e12d781dc2269c43a0d713ed2d5e4560d44b59280cef7ff26ff92e33913982Ubuntu Security Notice 2087-1 - It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.
68b326ff5a9d1bc5579dcfa9d4d047a99dd6f38fdc19188032d750ad6a1721deDebian Linux Security Advisory 2820-1 - It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems.
52579bb6c1260754549b627f26a19aca1783ce6249a99e6f328515fe8c576c88Red Hat Security Advisory 2013-1829-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
f778761e056c7efa104a541475faedf8d662d6d1bb56cca7afb6b493634b3cdeRed Hat Security Advisory 2013-1791-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
597e41819c618a7a2036b4981f741cf922fcb4e227d620ed1ada7986295500c4Ubuntu Security Notice 2032-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
9aa88e3eda8943f778c88e0749132dc9a27173331f5b3c38f6fcee613a0b6504Mandriva Linux Security Advisory 2013-270 - Multiple security issues was identified and fixed in mozilla NSPR and NSS. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues were also addressed.
89688cb44f72d5c0610b28222e48ec4e53e14de8388bf3ba17ef5960b2f31817Mandriva Linux Security Advisory 2013-269 - Multiple security issues was identified and fixed in mozilla NSPR, NSS, and firefox. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues have also been addressed.
5ff6af659aa173d788e6b24e0437553faf1a51ae5b75cb0fcc5088c05d600b14Ubuntu Security Notice 2031-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
3684065bb99c7b7f886ea12ba63ebd3fae46ae85cf46667f49f7d182e3e6f644
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed