Mozilla patches critical security flaw that impacts several popular software offerings

Google cybersecurity researchers have helped patch a critical memory corruption vulnerability affecting Mozilla’s cross-platform Network S...

Google cybersecurity researchers have helped patch a critical memory corruption vulnerability affecting Mozilla’s cross-platform Network Security Services (NSS) set of cryptography libraries.

“I've discovered a critical vulnerability in Network Security Services (NSS). NSS is the Mozilla project's cross-platform cryptography library. In 2021, all good bugs need a catchy name, so I'm calling this one "BigSig",” writes Google Project Zero’s Tavis Ormandy

According to Ormandy, the vulnerability, tracked as CVE-2021-43527, and rated as critical, could have led to a heap-based buffer overflow while verifying DER-encoded DSA or RSA-PSS signatures in several email clients and PDF viewers that use the buggy NSS versions.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Rated critical

Reporting on the development BleepingComputer explains that NSS is used in the development of several security-enabled client and server apps and supports SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards.

In his explanation, Ormandy adds that the bug probably affects all versions of NSS since 3.14, which was released almost a decade ago in October 2012. If exploited, the bug could cause the application to crash, or even enable attackers to execute arbitrary code.

Mozilla has fixed the bug in NSS 3.68.1 and NSS 3.73, and in its advisory has clarified that it doesn’t affect Firefox, Mozilla’s popular web browser. Instead it believes that open source apps that use NSS for verifying signatures such as Thunderbird, LibreOffice, Evolution email client, and Evince PDF reader could all be vulnerable.

If you are concerned about online security, use these best password managers to securely lock your accounts, and perhaps even use one of these best security keys to add another layer of protection



from TechRadar - All the latest technology news https://ift.tt/2ZM8Z0E
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Mozilla patches critical security flaw that impacts several popular software offerings
Mozilla patches critical security flaw that impacts several popular software offerings
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/12/mozilla-patches-critical-security-flaw.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/12/mozilla-patches-critical-security-flaw.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy