Security News > 2021 > December > Mozilla fixes critical bug in cross-platform cryptography library

Mozilla fixes critical bug in cross-platform cryptography library
2021-12-01 17:39

NSS can be used to develop security-enabled client and server apps with support for SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards.

"Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted," Mozilla said in a security advisory issued today.

"Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.".

"Mozilla plan to produce a thorough list of affected APIs - but the summary is any standard use of NSS is affected. The bug is simple to reproduce and affects multiple algorithms."

Server products from Red Hat: Red Hat Directory Server, Red Hat Certificate System, and the mod nss SSL module for the Apache webserver.

SUSE Linux Enterprise Server supports NSS and the mod nss SSL module for the Apache webserver.


News URL

https://www.bleepingcomputer.com/news/security/mozilla-fixes-critical-bug-in-cross-platform-cryptography-library/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mozilla 29 13 631 583 266 1493