First published: Fri Apr 07 2017(Updated: )
An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. External Reference: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461">https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461</a> Acknowledgements: Name: the Mozilla project Upstream: Ronald Crane
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Network Security Services | <3.21.4 | |
Mozilla Network Security Services | >3.22<3.28.4 | |
Mozilla Network Security Services | >=3.29<3.29.5 | |
Mozilla Network Security Services | >=3.30<3.30.1 | |
Mozilla Thunderbird | <52.1 | 52.1 |
Mozilla Firefox ESR | <52.1 | 52.1 |
Mozilla Firefox ESR | <45.9 | 45.9 |
Mozilla Firefox | <53 | 53 |
debian/firefox | 133.0.3-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.5.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.5.0esr-1~deb12u1 128.5.0esr-1 128.5.1esr-1 | |
debian/nss | 2:3.61-1+deb11u3 2:3.61-1+deb11u4 2:3.87.1-1 2:3.87.1-1+deb12u1 2:3.106-1 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)