Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.
59256243393f23f58ede14a8157f3106d5b951ae5d805857b9f01d335602857b
Debian Linux Security Advisory 3071-1 - In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
4a2488a91078e9187bd86f7e1d101335a7b44b196ee02e132b0845e7346a16a2
Ubuntu Security Notice 2343-1 - Tyson Smith and Jesse Schwartzentruber discovered that NSS contained a race condition when performing certificate validation. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
49306aadb794c2b489013336e93c2da224228735ef3f3bda3d06f7c656dfdae6
Red Hat Security Advisory 2014-1165-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
17495d25b74a610055ad319f9414d23d636d412aedd43cae87e12606b7e9f6e4
Debian Linux Security Advisory 2996-1 - Multiple security issues have been found in Icedove, Debian's version of errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
51a454a081f26b9e7f6ccd09d600f777d8fc70d31080869af05545c1ed847c2b
Mandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions which is not vulnerable to this issue.
3d98eba8862e8bda7926d387ee30decd2d5596f62890e780121cd4d4a07565da
Debian Linux Security Advisory 2986-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.
a4eb9120a7e71d7ea237528df4080150da04d22d7c5825f8d7976d867f97602d
Ubuntu Security Notice 2296-1 - Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
d89e60a681e2c732b3a6fba0072f5db10566609510d8d0ff13e937fbf870a433
Ubuntu Security Notice 2295-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
5da1dbfd8e9f95ce6c8fc2bed10d5e03eca929b0eee610ca016f5d37e9fa85e2
Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.
1fbbded1e323cfe2bc56f39ece91381947f983d3521f4f1a05904aa80a6a7550
Red Hat Security Advisory 2014-0915-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
1cf1f1dfebee6d6e5badf97a1931261a31312cd297dc52d29516494770b49569
Red Hat Security Advisory 2014-0916-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
e475d655916bf05e707cb881640350522517298cab22b2ee4f048576969f72f1