vulnerability
Oracle Linux: CVE-2019-11756: ELSA-2020-4076: nss and nspr security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:S/C:C/I:C/A:C) | Dec 10, 2019 | Aug 5, 2020 | Dec 6, 2024 |
Severity
7
CVSS
(AV:N/AC:H/Au:S/C:C/I:C/A:C)
Published
Dec 10, 2019
Added
Aug 5, 2020
Modified
Dec 6, 2024
Description
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
Solution(s)
oracle-linux-upgrade-nsproracle-linux-upgrade-nspr-develoracle-linux-upgrade-nssoracle-linux-upgrade-nss-develoracle-linux-upgrade-nss-pkcs11-develoracle-linux-upgrade-nss-softoknoracle-linux-upgrade-nss-softokn-develoracle-linux-upgrade-nss-softokn-freebloracle-linux-upgrade-nss-softokn-freebl-develoracle-linux-upgrade-nss-sysinitoracle-linux-upgrade-nss-toolsoracle-linux-upgrade-nss-utiloracle-linux-upgrade-nss-util-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.