mozilla-nss (SUSE:Linux Enterprise Server 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP3 package mozilla-nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (31)
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2017-7793 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting…
CVE-2017-7810 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2018-12405 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed…
CVE-2018-18500 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream…
CVE-2018-12376 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-12377 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is…
CVE-2018-12378 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2018-18493 — CVSS 9.8 (critical): A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the…
CVE-2018-18492 — CVSS 9.8 (critical): A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options…
CVE-2017-7818 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within…
CVE-2017-7819 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been…
CVE-2017-7824 — CVSS 9.8 (critical): A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an…
CVE-2018-18501 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed…
CVE-2018-12387 — CVSS 9.1 (critical): A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer…
CVE-2018-17466 — CVSS 8.8 (high): Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory…
CVE-2018-12386 — CVSS 8.1 (high): A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to…
CVE-2018-12379 — CVSS 7.8 (high): When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading…
CVE-2017-7814 — CVSS 7.8 (high): File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware…
CVE-2017-7805 — CVSS 7.5 (high): During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in…
CVE-2018-12385 — CVSS 7.0 (high): A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user…
CVE-2017-16541 — CVSS 6.5 (medium): Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP…
CVE-2018-18494 — CVSS 6.5 (medium): A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a…
CVE-2018-12404 — CVSS 5.9 (medium): A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant…
CVE-2018-12384 — CVSS 5.9 (medium): When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead…
CVE-2018-12383 — CVSS 5.5 (medium): If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still…
CVE-2017-7823 — CVSS 5.4 (medium): The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the…
CVE-2018-12381 — CVSS 5.3 (medium): Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are…
CVE-2017-7825 — CVSS 5.3 (medium): Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be…
CVE-2018-0495 — CVSS 4.7 (medium): Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through…