Debian Linux Security Advisory 4726-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service.
f2cc1d54b85eb308f1b29e2cefa9d4fd5c0cd92ee2f46d7dd967404b92f9ed34Gentoo Linux Security Advisory 202007-49 - NSS has an information disclosure vulnerability when handling DSA keys. Versions less than 3.52.1 are affected.
cd1e140dd4780b1f36cf34cfb5c7d085af67fc3aa3bc50a66b24ae1f364873c9Ubuntu Security Notice 4421-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. Various other issues were also addressed.
e29ba156301d1adef5ee70accc941815f87182af2911cd015ba0d303ce8a38ffDebian Linux Security Advisory 4695-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic keys.
b695facb6dd8cc0b879476ce552b9c195948f4bc518c27cb5f63cf8e335ff6e1Debian Linux Security Advisory 4702-1 - Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code.
d513edf1d7468e2dab27753b936d34950fbe909c5cde81e5cccba7e63432acc9Ubuntu Security Notice 4397-2 - USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.
44583f689b36fe02f0eee010adcf4c31ac19a4cc039ce01115f8af4dacacc025Ubuntu Security Notice 4397-1 - It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.
2692888970cbb4e7e7c8fa5692c6beacf2f89b13d531ef62a9431f8e957091d9Ubuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.
275aa1dbc98d8c1f1f63c59a5ec99a85629f398784fe354d12af97a619f77497
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed