ALT-PU-2020-1616-1
Closed vulnerabilities
BDU:2020-01824
Уязвимость браузера Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
BDU:2020-01970
Уязвимость расширения HelloRetryRequest браузера Firefox, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2020-02871
Уязвимость набора библиотек NSS (Network Security Services), существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0008
- openSUSE-SU-2020:0008
- RHSA-2020:0243
- RHSA-2020:0243
- RHSA-2020:0466
- RHSA-2020:0466
- https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
- https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- [debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update
- [debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- GLSA-202003-37
- GLSA-202003-37
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-17006
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
- https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
- https://security.netapp.com/advisory/ntap-20210129-0001/
- https://security.netapp.com/advisory/ntap-20210129-0001/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
Modified: 2024-11-21
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.