Security Advisories for NSS
Impact key
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
# Fixed in NSS 3.73
# Fixed in NSS 3.68.1
# Fixed in NSS 3.61
# Fixed in NSS 3.23
# Fixed in NSS 3.21.1
- 2016-36 Use-after-free during processing of DER encoded keys in NSS
- 2016-35 Buffer overflow during ASN.1 decoding in NSS
# Fixed in NSS 3.21
- 2016-15 Use-after-free in NSS during SSL connections in low memory
- 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
# Fixed in NSS 3.19.2.4
- 2016-36 Use-after-free during processing of DER encoded keys in NSS
- 2016-15 Use-after-free in NSS during SSL connections in low memory
- 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
# Fixed in NSS 3.19.2.3
# Fixed in NSS 3.17.1
# Fixed in NSS 3.16.5
# Fixed in NSS 3.16.2.1
# Fixed in NSS 3.12.3
- 2009-43 Heap overflow in certificate regexp parsing
- 2009-42 Compromise of SSL-protected communication