mozilla-nss (SUSE:Linux Enterprise Software Development Kit 12 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP2 package mozilla-nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (46)
CVE-2017-5459 — CVSS 9.8 (critical): A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird…
CVE-2017-5441 — CVSS 9.8 (critical): A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This…
CVE-2017-5442 — CVSS 9.8 (critical): A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash…
CVE-2017-5443 — CVSS 9.8 (critical): An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird <…
CVE-2017-5461 — CVSS 9.8 (critical): Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1…
CVE-2017-5460 — CVSS 9.8 (critical): A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This…
CVE-2017-5446 — CVSS 9.8 (critical): An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially…
CVE-2017-7824 — CVSS 9.8 (critical): A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an…
CVE-2016-5290 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-7819 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been…
CVE-2017-7818 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within…
CVE-2016-5297 — CVSS 9.8 (critical): An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This…
CVE-2017-7810 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-7793 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting…
CVE-2017-5469 — CVSS 9.8 (critical): Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird <…
CVE-2017-5429 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of…
CVE-2017-5432 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability…
CVE-2017-5433 — CVSS 9.8 (critical): A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the…
CVE-2017-5434 — CVSS 9.8 (critical): A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability…
CVE-2017-5435 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a…
CVE-2017-5464 — CVSS 9.8 (critical): During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading…
CVE-2017-5438 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results…
CVE-2017-5439 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially…
CVE-2017-5440 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating…
CVE-2017-5447 — CVSS 9.1 (critical): An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could…
CVE-2017-5465 — CVSS 9.1 (critical): An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible…
CVE-2016-2834 — CVSS 8.8 (high): Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of…
CVE-2016-1950 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in…
CVE-2017-5436 — CVSS 8.8 (high): An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially…
CVE-2017-5448 — CVSS 8.6 (high): An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs…
CVE-2017-7814 — CVSS 7.8 (high): File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware…
CVE-2017-5445 — CVSS 7.5 (high): A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This…
CVE-2017-5444 — CVSS 7.5 (high): A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted…
CVE-2016-9066 — CVSS 7.5 (high): A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming…
CVE-2017-7805 — CVSS 7.5 (high): During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in…
CVE-2016-5296 — CVSS 7.5 (high): A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash…
CVE-2016-5285 — CVSS 7.5 (high): A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey /…
CVE-2016-9574 — CVSS 5.9 (medium): nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and…
CVE-2016-9074 — CVSS 5.9 (medium): An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security…
CVE-2016-9064 — CVSS 5.9 (medium): Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who…
CVE-2016-5291 — CVSS 5.5 (medium): A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird <…
CVE-2017-7823 — CVSS 5.4 (medium): The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the…
CVE-2017-7825 — CVSS 5.3 (medium): Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be…
CVE-2017-5462 — CVSS 5.3 (medium): A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry…
CVE-2016-8635 — CVSS 5.3 (medium): It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An…
CVE-2017-5437: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a…