Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.
59256243393f23f58ede14a8157f3106d5b951ae5d805857b9f01d335602857bRed Hat Security Advisory 2014-1246-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.
25f1fdc017f9a95d3cee062e33da2f40130debeb3d3442262cac02c0f768b952Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.
1fbbded1e323cfe2bc56f39ece91381947f983d3521f4f1a05904aa80a6a7550Ubuntu Security Notice 2265-1 - Abhishek Arya discovered that NSPR incorrectly handled certain console functions. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
e8ab311096e635e89cde8a1429ab04661e831c908dc394065ae930cd72aa18e1Debian Linux Security Advisory 2962-1 - Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code.
8ae3868fe8152a96118f4b1e810a8b6126eb04436554c9e5c1037d8e4a07a310Debian Linux Security Advisory 2960-1 - Multiple security issues have been found in Icedove, Debian's version of errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
17a5516df97cd62eafe928d857603c22edb142c9e24d12b0325f49525e461256Mandriva Linux Security Advisory 2014-125 - Mozilla Netscape Portable Runtime before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving the sprintf and console functions. The updated nspr packages have been upgraded to the 4.10.6 version which is unaffected by this issue.
920fede0411a1a0bcc21b4e57061b9623745ffea51d8d4553d6c70d950c0a435Debian Linux Security Advisory 2955-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows may lead to the execution of arbitrary code or denial of service.
4390171e7d18c46eaf21ecfc40916ad245e4a11ef04fa9ddba981f0666f05411
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed