Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.
9c755436dabdfb3e7a966a0901e80d5c8a7a16dfd36c2bb6664051a1013932d3Ubuntu Security Notice 3278-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
5918077f633274f279ab87c4b055ad1b8af6e26633eab66e02241fb795da1fa5Ubuntu Security Notice 3260-2 - USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. Various other issues were also addressed.
4516672128a2c863308c540e8b88eefd6516196d22c6093ee8fb3334947b872fGentoo Linux Security Advisory 201705-4 - Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. Versions less than 3.29.5 are affected.
346443ae580438784b81eb9c7fdc7b563a5d3b95a8af59a8acaeb82a141b5d99Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
44be071f187a0942450fff54f9c82abbf62b4771273b8f124a15a42e6b7d3d03Debian Linux Security Advisory 3831-1 - Multiple security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
9f8afcaa8534d688f0dd1dd3c0d064eef7b1fcae026986da712b8b6b03fe1800Red Hat Security Advisory 2017-1103-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
8879a424bb1c3928b3b4f7e204a7098732401cbad6c42ca0fc9c718c5bf6c221Red Hat Security Advisory 2017-1102-01 - The nss-util packages provide utilities for use with the Network Security Services libraries. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
c7f230b0e58e5d451f7aa479cc74be262fbf2586e9cbac99fa85bbfd783237d0Red Hat Security Advisory 2017-1101-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
204e849c347141be42c022cef5fff520849da9d78fcb1d02c4964d1fc214cbdbRed Hat Security Advisory 2017-1100-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.
16fa2b2d78a669af78b0ace268f81e3cdcfdd64198ae4f91dbb9192f2b5545a1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed