Mozilla NSS 3.33

CPE Details

Mozilla NSS 3.33
mozilla
nss
3.33
2019-12-09
16h10 +00:00
2019-12-09
16h10 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mozilla:nss:3.33:*:*:*:*:*:*:*

Informations

Vendor

mozilla

Product

nss

Version

3.33

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-43527 2021-12-07 23h00 +00:00 NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
9.8
Critical
CVE-2020-12403 2021-05-26 22h00 +00:00 A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
9.1
Critical