Package nss updated to version 3.49.1-alt1 for branch sisyphus in task 244791.

Published: 2019-12-03

BDU:2020-01970

Уязвимость расширения HelloRetryRequest браузера Firefox, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2019-17023

Published: 2020-01-09
Modified: 2024-11-21

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=1590001
https://bugzilla.mozilla.org/show_bug.cgi?id=1590001
USN-4234-1
USN-4234-1
USN-4397-1
USN-4397-1
DSA-4726
DSA-4726
https://www.mozilla.org/security/advisories/mfsa2020-01/
https://www.mozilla.org/security/advisories/mfsa2020-01/

Version: 2.1.0

Package nss update in sisyphus on 2020-01-29

ALT-PU-2020-1109-1

Closed vulnerabilities

BDU:2020-01970

CVE-2019-17023