Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
by CIRT Team
Description: Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
Impact: An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Mitigation: Mozilla Network Security Services (NSS) version 3.28.4 fixes this issue.
Reference URL’s:
- http://www.securityfocus.com/bid/98050/info
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
- https://rhn.redhat.com/errata/RHSA-2017-1100.html
- https://rhn.redhat.com/errata/RHSA-2017-1101.html
- https://rhn.redhat.com/errata/RHSA-2017-1102.html
- https://access.redhat.com/security/cve/cve-2017-5461
- https://security-tracker.debian.org/tracker/CVE-2017-5461
Recommended Posts
Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh
06 Nov 2024 - Security Advisories & Alerts
Subscribe here
MEMBER OF:
