GCVE - cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*

part: a version: 3.19 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Network Security Services (`4393dd94-659d-5c94-8f09-87796249e528`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/nss-dev/nss`	purl2cpe	2026-06-01 10:17:53.237643
`pkg:mozilla/nss`	purl2cpe	2026-06-01 10:17:53.237644
`pkg:rpm/opensuse/mozilla-nss`	purl2cpe	2026-06-01 10:17:53.237646

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-4000`	vulnerable	2026-06-03 14:34:50.959853	Details available The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Published: 2015-05-21T00:00:00.000Z Updated: 2026-05-27T16:22:20.395Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html http://marc.info/?l=bugtraq&m=143880121627664&w=2 http://rhn.redhat.com/errata/RHSA-2015-1243.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2721`	vulnerable	2026-06-03 14:34:47.634322	Details available Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Published: 2015-07-06T01:00:00.000Z Updated: 2024-08-06T05:24:38.535Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes http://www.securityfocus.com/bid/83398	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Mozilla Network Security Services (NSS) 3.19

PURL mappings

Vulnerability references

Contribute