mozilla-nspr (SUSE:Linux Enterprise Module for Basesystem 15 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP1 package mozilla-nspr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2019-17006 — CVSS 9.8 (critical): In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application…
CVE-2020-15683 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed…
CVE-2020-15678 — CVSS 8.8 (high): When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2020-15969 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-15673 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory…
CVE-2018-18508 — CVSS 6.5 (medium): In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference…
CVE-2020-15677 — CVSS 6.1 (medium): By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to…
CVE-2020-15676 — CVSS 6.1 (medium): Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed…
CVE-2020-12399 — CVSS 4.4 (medium): NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This…