mozilla-nspr (SUSE:Manager Server 4.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Server 4.0 package mozilla-nspr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2020-12403 — CVSS 9.1 (critical): A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could…
CVE-2021-23987 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed…
CVE-2021-23981 — CVSS 8.1 (high): A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in…
CVE-2020-25648 — CVSS 7.5 (high): A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS…
CVE-2021-23982 — CVSS 6.5 (medium): Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as…
CVE-2021-23984 — CVSS 6.5 (medium): A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be…
CVE-2020-6829 — CVSS 5.3 (medium): When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about…
CVE-2020-12400 — CVSS 4.7 (medium): When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible…
CVE-2020-12401 — CVSS 4.7 (medium): During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed…