What is CVE-2019-11727?

CVE-2019-11727 is a vulnerability in Network Security Services (NSS) that allows for the signing of CertificateVerify with PKCS#1 v1.5 signatures in TLS 1.3 messages.

How severe is CVE-2019-11727?

CVE-2019-11727 has a severity rating of 5.3 (medium).

Which software is affected by CVE-2019-11727?

The software affected by CVE-2019-11727 includes Mozilla Thunderbird, Firefox, and Red Hat NSS.

How can I fix CVE-2019-11727?

To fix CVE-2019-11727, update your software to the recommended versions: Red Hat NSS 3.44.1, Mozilla Thunderbird 68, Mozilla Firefox 68.

Where can I find more information about CVE-2019-11727?

You can find more information about CVE-2019-11727 on the Mozilla and Red Hat security advisories.

Vulnerability/
CVE-2019-11727

medium

5.3

CWE

295 327

9/7/2019

23/7/2019

17/12/2024

CVE-2019-11727

First published: Tue Jul 09 2019(Updated: )

A vulnerability exists where it possible to force Network Security Services (NSS) to sign `CertificateVerify` with PKCS#1 v1.5 signatures when those are the only ones advertised by server in `CertificateRequest` in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. External Reference: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727">https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727</a>

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
redhat/nspr	<0:4.25.0-2.el7_9	0:4.25.0-2.el7_9
redhat/nss	<0:3.53.1-3.el7_9	0:3.53.1-3.el7_9
redhat/nss-softokn	<0:3.53.1-6.el7_9	0:3.53.1-6.el7_9
redhat/nss-util	<0:3.53.1-1.el7_9	0:3.53.1-1.el7_9
redhat/nspr	<0:4.21.0-2.el8_0	0:4.21.0-2.el8_0
redhat/nss	<0:3.44.0-7.el8_0	0:3.44.0-7.el8_0
Mozilla Thunderbird	<68	68
redhat/nss	<3.44.1	3.44.1
Mozilla Firefox	<68	68
Mozilla Firefox	<68.0
IBM Cognos Analytics	<=12.0.0-12.0.3
IBM Cognos Analytics	<=11.2.0-11.2.4 FP4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2019-11727?
CVE-2019-11727 is a vulnerability in Network Security Services (NSS) that allows for the signing of CertificateVerify with PKCS#1 v1.5 signatures in TLS 1.3 messages.
How severe is CVE-2019-11727?
CVE-2019-11727 has a severity rating of 5.3 (medium).
Which software is affected by CVE-2019-11727?
The software affected by CVE-2019-11727 includes Mozilla Thunderbird, Firefox, and Red Hat NSS.
How can I fix CVE-2019-11727?
To fix CVE-2019-11727, update your software to the recommended versions: Red Hat NSS 3.44.1, Mozilla Thunderbird 68, Mozilla Firefox 68.
Where can I find more information about CVE-2019-11727?
You can find more information about CVE-2019-11727 on the Mozilla and Red Hat security advisories.

collector/redhat-cve
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-11727
agent/software-canonical-lookup-request
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/event
collector/ibm-support
source/IBM
agent/last-modified-date
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/trending
package-manager/redhat
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/12.0.0-12.0.3
version/ibm cognos analytics/11.2.0-11.2.4 fp4