Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.
59256243393f23f58ede14a8157f3106d5b951ae5d805857b9f01d335602857bDebian Linux Security Advisory 3186-1 - It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.
7294ffa98790572d8f3abed1868667796a0c483dfdc3d3fb6c341a264192e061Ubuntu Security Notice 2452-1 - It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.
4a188e5586b1601d16f2403dd19db5371bbd99e010db7e131164f00ecae65f7eMandriva Linux Security Advisory 2014-252 - In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. This update adds support for the TLS Fallback Signaling Cipher Suite Value in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating also known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.
70a783dd698c32c35cc4ba737ea20e314d2dfed051a171704672b2b3fa1c0075
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed