Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11727

Опубликовано: 23 июл. 2019
Источник: debian
EPSS Низкий

Описание

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed68.0-1package
nssfixed2:3.45-1package
nssfixed2:3.42.1-1+deb10u1busterpackage
nssignoredstretchpackage
nssignoredjessiepackage

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727

  • https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2

  • firefox-esr in older suites than buster use the embedded copy and thus issue

  • is just fixed by updating firefox-esr to 60.8.0. For the others an update to

  • src:nss is needed as firefox-esr uses the system library.

EPSS

Процентиль: 48%
0.00248
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-11727

CVSS3: 5.3
ubuntu
больше 6 лет назад

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

redhat логотип

CVE-2019-11727

CVSS3: 3.4
redhat
больше 6 лет назад

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

nvd логотип

CVE-2019-11727

CVSS3: 5.3
nvd
больше 6 лет назад

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

github логотип

GHSA-pwq5-w788-7w28

CVSS3: 5.3
github
больше 3 лет назад

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

fstec логотип

BDU:2020-00597

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость браузера Firefox, связанная с ошибкой службы сетевой безопасности CertificateVerify, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 48%
0.00248
Низкий