libfreebl3-3.26.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10451 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libfreebl3-3.26.2-1.1 on GA media These are all security issues fixed in the libfreebl3-3.26.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10451 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10451 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-3170/ SUSE CVE CVE-2010-3170 page https://www.suse.com/security/cve/CVE-2011-3389/ SUSE CVE CVE-2011-3389 page https://www.suse.com/security/cve/CVE-2011-3640/ SUSE CVE CVE-2011-3640 page https://www.suse.com/security/cve/CVE-2013-0743/ SUSE CVE CVE-2013-0743 page https://www.suse.com/security/cve/CVE-2013-0791/ SUSE CVE CVE-2013-0791 page https://www.suse.com/security/cve/CVE-2013-1620/ SUSE CVE CVE-2013-1620 page https://www.suse.com/security/cve/CVE-2013-1739/ SUSE CVE CVE-2013-1739 page https://www.suse.com/security/cve/CVE-2013-1740/ SUSE CVE CVE-2013-1740 page https://www.suse.com/security/cve/CVE-2013-5605/ SUSE CVE CVE-2013-5605 page https://www.suse.com/security/cve/CVE-2014-1490/ SUSE CVE CVE-2014-1490 page https://www.suse.com/security/cve/CVE-2014-1491/ SUSE CVE CVE-2014-1491 page https://www.suse.com/security/cve/CVE-2014-1492/ SUSE CVE CVE-2014-1492 page https://www.suse.com/security/cve/CVE-2014-1568/ SUSE CVE CVE-2014-1568 page https://www.suse.com/security/cve/CVE-2014-1569/ SUSE CVE CVE-2014-1569 page https://www.suse.com/security/cve/CVE-2015-2721/ SUSE CVE CVE-2015-2721 page https://www.suse.com/security/cve/CVE-2015-4000/ SUSE CVE CVE-2015-4000 page https://www.suse.com/security/cve/CVE-2015-7181/ SUSE CVE CVE-2015-7181 page https://www.suse.com/security/cve/CVE-2015-7182/ SUSE CVE CVE-2015-7182 page https://www.suse.com/security/cve/CVE-2015-7575/ SUSE CVE CVE-2015-7575 page https://www.suse.com/security/cve/CVE-2016-1950/ SUSE CVE CVE-2016-1950 page https://www.suse.com/security/cve/CVE-2016-1979/ SUSE CVE CVE-2016-1979 page https://www.suse.com/security/cve/CVE-2016-2834/ SUSE CVE CVE-2016-2834 page openSUSE Tumbleweed libfreebl3-3.26.2-1.1 libfreebl3-32bit-3.26.2-1.1 libsoftokn3-3.26.2-1.1 libsoftokn3-32bit-3.26.2-1.1 mozilla-nss-3.26.2-1.1 mozilla-nss-32bit-3.26.2-1.1 mozilla-nss-certs-3.26.2-1.1 mozilla-nss-certs-32bit-3.26.2-1.1 mozilla-nss-devel-3.26.2-1.1 mozilla-nss-sysinit-3.26.2-1.1 mozilla-nss-sysinit-32bit-3.26.2-1.1 mozilla-nss-tools-3.26.2-1.1 libfreebl3-3.26.2-1.1 as a component of openSUSE Tumbleweed libfreebl3-32bit-3.26.2-1.1 as a component of openSUSE Tumbleweed libsoftokn3-3.26.2-1.1 as a component of openSUSE Tumbleweed libsoftokn3-32bit-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-32bit-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-certs-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-certs-32bit-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-devel-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-sysinit-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-sysinit-32bit-3.26.2-1.1 as a component of openSUSE Tumbleweed mozilla-nss-tools-3.26.2-1.1 as a component of openSUSE Tumbleweed Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3170 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3170.html CVE-2010-3170 https://bugzilla.suse.com/637290 SUSE Bug 637290 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 https://bugzilla.suse.com/868629 SUSE Bug 868629 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. CVE-2011-3389 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3389.html CVE-2011-3389 https://bugzilla.suse.com/716002 SUSE Bug 716002 https://bugzilla.suse.com/719047 SUSE Bug 719047 https://bugzilla.suse.com/725167 SUSE Bug 725167 https://bugzilla.suse.com/726096 SUSE Bug 726096 https://bugzilla.suse.com/739248 SUSE Bug 739248 https://bugzilla.suse.com/739256 SUSE Bug 739256 https://bugzilla.suse.com/742306 SUSE Bug 742306 https://bugzilla.suse.com/751718 SUSE Bug 751718 https://bugzilla.suse.com/759666 SUSE Bug 759666 https://bugzilla.suse.com/763598 SUSE Bug 763598 https://bugzilla.suse.com/814655 SUSE Bug 814655 ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." CVE-2011-3640 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3640.html CVE-2011-3640 https://bugzilla.suse.com/726096 SUSE Bug 726096 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none. CVE-2013-0743 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0743.html CVE-2013-0743 https://bugzilla.suse.com/796895 SUSE Bug 796895 The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. CVE-2013-0791 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0791.html CVE-2013-0791 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. CVE-2013-1620 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1620.html CVE-2013-1620 https://bugzilla.suse.com/802184 SUSE Bug 802184 Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. CVE-2013-1739 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1739.html CVE-2013-1739 https://bugzilla.suse.com/842979 SUSE Bug 842979 https://bugzilla.suse.com/847708 SUSE Bug 847708 The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. CVE-2013-1740 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1740.html CVE-2013-1740 https://bugzilla.suse.com/859055 SUSE Bug 859055 Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. CVE-2013-5605 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5605.html CVE-2013-5605 https://bugzilla.suse.com/850148 SUSE Bug 850148 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. CVE-2014-1490 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1490.html CVE-2014-1490 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862300 SUSE Bug 862300 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. CVE-2014-1491 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1491.html CVE-2014-1491 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862289 SUSE Bug 862289 The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. CVE-2014-1492 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1492.html CVE-2014-1492 https://bugzilla.suse.com/869827 SUSE Bug 869827 https://bugzilla.suse.com/926974 SUSE Bug 926974 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. CVE-2014-1568 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1568.html CVE-2014-1568 https://bugzilla.suse.com/1107874 SUSE Bug 1107874 https://bugzilla.suse.com/897890 SUSE Bug 897890 https://bugzilla.suse.com/898959 SUSE Bug 898959 The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. CVE-2014-1569 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1569.html CVE-2014-1569 https://bugzilla.suse.com/910647 SUSE Bug 910647 https://bugzilla.suse.com/913096 SUSE Bug 913096 https://bugzilla.suse.com/917597 SUSE Bug 917597 Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. CVE-2015-2721 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2721.html CVE-2015-2721 https://bugzilla.suse.com/935979 SUSE Bug 935979 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. CVE-2015-4000 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 important 7.3 AV:N/AC:H/Au:N/C:C/I:C/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4000.html CVE-2015-4000 https://bugzilla.suse.com/1074631 SUSE Bug 1074631 https://bugzilla.suse.com/1211968 SUSE Bug 1211968 https://bugzilla.suse.com/931600 SUSE Bug 931600 https://bugzilla.suse.com/931698 SUSE Bug 931698 https://bugzilla.suse.com/931723 SUSE Bug 931723 https://bugzilla.suse.com/931845 SUSE Bug 931845 https://bugzilla.suse.com/932026 SUSE Bug 932026 https://bugzilla.suse.com/932483 SUSE Bug 932483 https://bugzilla.suse.com/934789 SUSE Bug 934789 https://bugzilla.suse.com/935033 SUSE Bug 935033 https://bugzilla.suse.com/935540 SUSE Bug 935540 https://bugzilla.suse.com/935979 SUSE Bug 935979 https://bugzilla.suse.com/937202 SUSE Bug 937202 https://bugzilla.suse.com/937766 SUSE Bug 937766 https://bugzilla.suse.com/938248 SUSE Bug 938248 https://bugzilla.suse.com/938432 SUSE Bug 938432 https://bugzilla.suse.com/938895 SUSE Bug 938895 https://bugzilla.suse.com/938905 SUSE Bug 938905 https://bugzilla.suse.com/938906 SUSE Bug 938906 https://bugzilla.suse.com/938913 SUSE Bug 938913 https://bugzilla.suse.com/938945 SUSE Bug 938945 https://bugzilla.suse.com/943664 SUSE Bug 943664 https://bugzilla.suse.com/944729 SUSE Bug 944729 https://bugzilla.suse.com/945582 SUSE Bug 945582 https://bugzilla.suse.com/955589 SUSE Bug 955589 https://bugzilla.suse.com/980406 SUSE Bug 980406 https://bugzilla.suse.com/990592 SUSE Bug 990592 https://bugzilla.suse.com/994144 SUSE Bug 994144 The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. CVE-2015-7181 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7181.html CVE-2015-7181 https://bugzilla.suse.com/952810 SUSE Bug 952810 Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. CVE-2015-7182 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7182.html CVE-2015-7182 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. CVE-2015-7575 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7575.html CVE-2015-7575 https://bugzilla.suse.com/959888 SUSE Bug 959888 https://bugzilla.suse.com/960402 SUSE Bug 960402 https://bugzilla.suse.com/960996 SUSE Bug 960996 https://bugzilla.suse.com/961280 SUSE Bug 961280 https://bugzilla.suse.com/961281 SUSE Bug 961281 https://bugzilla.suse.com/961282 SUSE Bug 961282 https://bugzilla.suse.com/961283 SUSE Bug 961283 https://bugzilla.suse.com/961284 SUSE Bug 961284 https://bugzilla.suse.com/961290 SUSE Bug 961290 https://bugzilla.suse.com/961357 SUSE Bug 961357 https://bugzilla.suse.com/962743 SUSE Bug 962743 https://bugzilla.suse.com/963937 SUSE Bug 963937 https://bugzilla.suse.com/967521 SUSE Bug 967521 https://bugzilla.suse.com/981087 SUSE Bug 981087 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. CVE-2016-1950 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1950.html CVE-2016-1950 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. CVE-2016-1979 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1979.html CVE-2016-1979 https://bugzilla.suse.com/969894 SUSE Bug 969894 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2016-2834 openSUSE Tumbleweed:libfreebl3-3.26.2-1.1 openSUSE Tumbleweed:libfreebl3-32bit-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-3.26.2-1.1 openSUSE Tumbleweed:libsoftokn3-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-devel-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.26.2-1.1 openSUSE Tumbleweed:mozilla-nss-tools-3.26.2-1.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2834.html CVE-2016-2834 https://bugzilla.suse.com/983549 SUSE Bug 983549 https://bugzilla.suse.com/983639 SUSE Bug 983639