mozilla-nss (SUSE:OpenStack Cloud 6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 6 package mozilla-nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2017-7793 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting…
CVE-2017-7810 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-7818 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within…
CVE-2017-7819 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been…
CVE-2017-7824 — CVSS 9.8 (critical): A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an…
CVE-2017-7814 — CVSS 7.8 (high): File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware…
CVE-2017-7805 — CVSS 7.5 (high): During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in…
CVE-2017-7823 — CVSS 5.4 (medium): The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the…
CVE-2017-7825 — CVSS 5.3 (medium): Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be…