Vulnerabilities > Mozilla > Network Security Services > 3.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-06 | CVE-2014-1491 | Inadequate Encryption Strength vulnerability in Mozilla products Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. | 4.3 |
| 2014-01-18 | CVE-2013-1740 | Cryptographic Issues vulnerability in Mozilla Network Security Services The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. | 5.8 |
| 2013-11-18 | CVE-2013-5606 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Network Security Services 3.15/3.15.1/3.15.2 The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. | 5.8 |
| 2013-11-18 | CVE-2013-5605 | Improper Input Validation vulnerability in Mozilla Network Security Services Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. | 7.5 |
| 2013-11-18 | CVE-2013-1741 | Numeric Errors vulnerability in Mozilla Network Security Services 3.15/3.15.1/3.15.2 Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. | 7.5 |
| 2013-10-22 | CVE-2013-1739 | Unspecified vulnerability in Mozilla Network Security Services Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | 5.0 |