Mozilla Network Security Services 3.11.3

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*

part: a version: 3.11.3 update: *

VendorMozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1)
ProductNetwork Security Services (4393dd94-659d-5c94-8f09-87796249e528)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/nss-dev/nss purl2cpe 2026-06-01 10:17:53.216848
pkg:mozilla/nss purl2cpe 2026-06-01 10:17:53.216849
pkg:rpm/opensuse/mozilla-nss purl2cpe 2026-06-01 10:17:53.216851

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2014-1568 vulnerable 2026-06-03 14:33:47.753221 Details available
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
Published: 2014-09-25T17:00:00.000Z
Updated: 2024-08-06T09:42:36.192Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-1544 vulnerable 2026-06-03 14:33:47.655860 Details available
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
Published: 2014-07-23T10:00:00.000Z
Updated: 2024-08-06T09:42:36.185Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-1492 vulnerable 2026-06-03 14:33:47.333670 Details available
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Published: 2014-03-25T01:00:00.000Z
Updated: 2024-08-06T09:42:36.122Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1740 vulnerable 2026-06-03 14:32:51.403210 Details available
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
Published: 2014-01-18T22:00:00.000Z
Updated: 2024-08-06T15:13:32.451Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-0441 vulnerable 2026-06-03 14:31:36.877393 Details available
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
Published: 2012-06-05T23:00:00.000Z
Updated: 2024-08-06T18:23:31.031Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-5094 vulnerable 2026-06-03 14:31:27.722755 Details available
Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
Published: 2012-06-16T21:00:00.000Z
Updated: 2024-09-16T21:56:51.299Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-0008 vulnerable 2026-06-03 14:27:55.616871 Details available
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
Published: 2007-02-26T20:00:00.000Z
Updated: 2024-08-07T12:03:37.063Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-5462 vulnerable 2026-06-03 14:27:45.920721 Details available
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Published: 2006-11-08T21:00:00.000Z
Updated: 2024-08-07T19:48:30.553Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.