Mozilla Network Security Services vulnerabilities

CVE-2009-2408 [MEDIUM] CWE-295 CVE-2009-2408: Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0 Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificat

CVE-2009-2409 [MEDIUM] CWE-295 CVE-2009-2409: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 a The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scop

CVE-2007-0009 [MEDIUM] CWE-119 CVE-2007-0009: Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3 Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Mas

CVE-2007-0008 [MEDIUM] CWE-189 CVE-2007-0008: Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message

CVE-2006-5462 [MEDIUM] CVE-2006-5462: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5. Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier i

CVE-2006-4340 [MEDIUM] CWE-20 CVE-2006-4340: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5. Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulner

CVE-2004-0826 [HIGH] CVE-2004-0826: Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attacke Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.