Revision history

initial version

posted 2017-10-04 16:35:56 +0200

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

CVSS v3 Base Score: 9.8 / 10 critical remote

SFOS uses NSS 3.20.1 currently.

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461

CVSS v3 Base Score: 9.8 / 10 critical remote

DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently.

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461

CVSS v3 Base Score: 9.8 / 10 critical remote

DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently.

edit 20171024: still no update to 3.21 in SFOS 2.1.3.5

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461

CVSS v3 Base Score: 9.8 / 10 critical remote

DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently. JB#36810 and JB#36180

edit 20171024: still no update to 3.21 in SFOS 2.1.3.5
edit 20180827: still no update to 3.34 in SFOS 2.2.0.29

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461
CVSS v3 Base Score: 9.8 / 10 critical remote
DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently. JB#36810 and JB#36180

edit 20171024: still no update to 3.21 in SFOS 2.1.3.5
edit 20180827: still no update to 3.34 in SFOS 2.2.0.29
edit 20180904: still no update from 3.20 to 3.34 in SFOS 2.2.1

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461
CVSS v3 Base Score: 9.8 / 10 critical remote
DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently. JB#36810 and JB#36180

edit 20171024: still no update to 3.21 in SFOS 2.1.3.5
edit 20180827: still no update to 3.34 in SFOS 2.2.0.29
edit 20180904: still no update from 3.20 to 3.34 in SFOS 2.2.1
edit 20181031: still no update (still 3.20) in SFOS3.0 ... come on!

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461
CVSS v3 Base Score: 9.8 / 10 critical remote
DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently. JB#36810 and JB#36180

edit 20171024: still no update to 3.21 in SFOS 2.1.3.5
edit 20180827: still no update to 3.34 in SFOS 2.2.0.29
edit 20180904: still no update from 3.20 to 3.34 in SFOS 2.2.1
edit 20181031: still no update (still 3.20) in SFOS3.0 ... come on!

Mozilla Security Advisory 2017-10 sailfish nss vulnerable CVE-2017-5461 CVE-2017-5462 (critical remote)

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. CVE-2017-5461
CVSS v3 Base Score: 9.8 / 10 critical remote
DRBG flaw in NSS CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

SFOS uses NSS 3.20.1 currently. JB#36810 and JB#36180

edit 20171024: still no update to 3.21 in SFOS 2.1.3.5
edit 20180827: still no update to 3.34 in SFOS 2.2.0.29
edit 20180904: still no update from 3.20 to 3.34 in SFOS 2.2.1
edit 20181031: still no update (still 3.20) in SFOS3.0 ... come on!
edit 20190127: nss 3.39 now available from http://repo.merproject.org/obs/mer:/core/latest_armv7hl/armv7hl/ hopefully part of sfos3.0.2
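
An added example, not part of the original post: a check of an NSS version string against the affected ranges quoted above for CVE-2017-5461. The function names and the sample rpm-style package string are assumptions made for illustration; the post gives no version ranges for CVE-2017-5462, so that CVE is not covered.

```python
import re

# Affected ranges for CVE-2017-5461 as quoted in the post:
# (inclusive lower bound, exclusive upper bound = first fixed release).
AFFECTED_RANGES = [
    ((0, 0, 0), (3, 21, 4)),    # "before 3.21.4"
    ((3, 22, 0), (3, 28, 4)),   # "3.22.x through 3.28.x before 3.28.4"
    ((3, 29, 0), (3, 29, 5)),   # "3.29.x before 3.29.5"
    ((3, 30, 0), (3, 30, 1)),   # "3.30.x before 3.30.1"
]


def parse_nss_version(text):
    """Extract the upstream NSS version from a version or package string.

    Accepts "3.20.1" as well as an rpm-style name such as
    "nss-3.20.1-1.2.3.armv7hl" (constructed sample); the packaging
    release suffix after the first dash-separated version is ignored.
    """
    match = re.search(r"\d+(?:\.\d+)+", text)
    if match is None:
        raise ValueError("no version number found in %r" % text)
    parts = [int(p) for p in match.group(0).split(".")][:3]
    parts += [0] * (3 - len(parts))  # "3.39" -> (3, 39, 0)
    return tuple(parts)


def is_affected(text):
    """Return True if the version falls in a range listed for CVE-2017-5461."""
    version = parse_nss_version(text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inputs: the version reported in the post, the
    # boundary releases from the advisory text, and the 3.39 package
    # mentioned in the last edit.
    samples = ["nss-3.20.1-1.2.3.armv7hl", "3.21.4", "3.28.3",
               "3.28.4", "3.29.5", "3.30", "3.30.1", "3.39"]
    for sample in samples:
        state = "affected" if is_affected(sample) else "not affected"
        print("%-28s %s" % (sample, state))
```

The result reflects the upstream version number only; a distribution package can carry backported fixes without changing that number, so check the package changelog as well.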