Mozilla

Network Security Services

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2017-11697

Exploit
  • EPSS 0.11%
  • Veröffentlicht 27.12.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

7.8

CVE-2017-11695

Exploit
  • EPSS 0.09%
  • Veröffentlicht 27.12.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

7.8

CVE-2017-11696

Exploit
  • EPSS 0.09%
  • Veröffentlicht 27.12.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

7.8

CVE-2017-11698

Exploit
  • EPSS 0.09%
  • Veröffentlicht 27.12.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

7.5

CVE-2017-7502

  • EPSS 4.53%
  • Veröffentlicht 30.05.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

9.8

CVE-2017-5461

  • EPSS 1.24%
  • Veröffentlicht 11.05.2017 01:29:05
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i...

9.3

CVE-2016-2834

  • EPSS 1.19%
  • Veröffentlicht 13.06.2016 10:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

8.8

CVE-2016-1979

  • EPSS 0.71%
  • Veröffentlicht 13.03.2016 18:59:28
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly h...

7.5

CVE-2016-1978

  • EPSS 2.26%
  • Veröffentlicht 13.03.2016 18:59:27
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspec...

8.8

CVE-2016-1950

  • EPSS 3.33%
  • Veröffentlicht 13.03.2016 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via ...