Mozilla Network Security Services — known CVE vulnerabilities
Every CVE whose affected-product data names Mozilla Network Security Services, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2014-1544 — CVSS 10.0 (critical): Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used…
CVE-2019-17006 — CVSS 9.8 (critical): In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application…
CVE-2015-7182 — CVSS 9.8 (critical): Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as…
CVE-2017-5461 — CVSS 9.8 (critical): Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1…
CVE-2014-1490 — CVSS 9.3 (critical): Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x…
CVE-2009-2404 — CVSS 9.3 (critical): Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox…
CVE-2016-1979 — CVSS 8.8 (high): Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before…
CVE-2016-2834 — CVSS 8.8 (high): Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of…
CVE-2016-1950 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in…
CVE-2017-11695 — CVSS 7.8 (high): Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows…
CVE-2017-11697 — CVSS 7.8 (high): The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of…
CVE-2017-11696 — CVSS 7.8 (high): Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows…
CVE-2017-11698 — CVSS 7.8 (high): Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows…
CVE-2015-7183 — CVSS 7.5 (high): Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS)…
CVE-2004-0826 — CVSS 7.5 (high): Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a…
CVE-2020-25648 — CVSS 7.5 (high): A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS…
CVE-2019-17007 — CVSS 7.5 (high): In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of…
CVE-2017-7502 — CVSS 7.5 (high): Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of…
CVE-2013-1741 — CVSS 7.5 (high): Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or…
CVE-2013-5605 — CVSS 7.5 (high): Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or…
CVE-2014-1568 — CVSS 7.5 (high): Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before…
CVE-2014-1569 — CVSS 7.5 (high): The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before…
CVE-2015-7181 — CVSS 7.5 (high): The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox…
CVE-2022-3479 — CVSS 7.5 (high): A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can…
CVE-2016-1978 — CVSS 7.3 (high): Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as…
CVE-2007-0008 — CVSS 6.8 (medium): Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x…
CVE-2007-0009 — CVSS 6.8 (medium): Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before…
CVE-2018-18508 — CVSS 6.5 (medium): In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference…
CVE-2006-5462 — CVSS 6.4 (medium): Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and…
CVE-2009-2408 — CVSS 5.9 (medium): Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do…
CVE-2015-7575 — CVSS 5.9 (medium): Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does…
CVE-2016-9574 — CVSS 5.9 (medium): nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and…
CVE-2018-12384 — CVSS 5.9 (medium): When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead…
CVE-2018-12404 — CVSS 5.9 (medium): A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant…
CVE-2013-5606 — CVSS 5.8 (medium): The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected…
CVE-2013-1740 — CVSS 5.8 (medium): The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start…
CVE-2017-5462 — CVSS 5.3 (medium): A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry…
CVE-2016-8635 — CVSS 5.3 (medium): It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An…
CVE-2009-2409 — CVSS 5.1 (medium): The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k…
CVE-2012-0441 — CVSS 5.0 (medium): The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0…
CVE-2013-0791 — CVSS 5.0 (medium): The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x…
CVE-2013-1739 — CVSS 5.0 (medium): Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which…
CVE-2015-2721 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2011-5094 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict…
CVE-2014-1492 — CVSS 4.3 (medium): The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS)…
CVE-2014-1491 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird…
CVE-2013-1620 — CVSS 4.3 (medium): The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant…
CVE-2015-2730 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2006-4340 — CVSS 4.0 (medium): Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and…
CVE-2015-4000 — CVSS 3.7 (low): The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a…