Google Cyber security Researchers have helped patch a critical memory corruption vulnerability affecting Mozilla’s cross-platform Network Security Services (NSS) set of cryptography libraries.
“I’ve discovered a critical vulnerability in Network Security Services (NSS). NSS is the Mozilla project’s cross-platform cryptography library. In 2021, all good bugs need a catchy name, so I’ll call it “BigSig”. I’ve been writing Google Project Zero’s Tavis Ormandy
According to Ormandy, the vulnerability, which was tracked as CVE-2021-43527, and rated as critical, occurred when validating DER-encoded DSA or RSA-PSS signatures in multiple heap-based buffers. There could have been an overflow. email client And pdf viewer Which use the buggy NSS versions.
We’re looking at how our readers use a VPN with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take you no more than 60 seconds, and we would greatly appreciate it if you shared your experiences with us.
>> Click here to start survey in new window <
reporting on development bleeding computer Explains that NSS is used in the development of many security-enabled client and server apps and supports SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 Supports certificates. and many other safety standards.
In his explanation, Ormandy says that the bug probably affects all versions of NSS since 3.14, released almost a decade ago in October 2012. If exploited, the bug can cause applications to crash, or even enable attackers to execute arbitrary code.
Mozilla has fixed bugs in NSS 3.68.1 and NSS 3.73 and in Consultant clarified that it does not affect firefox, Mozilla’s popular Web browser, Instead it assumes that open source Apps that use NSS to verify signatures such as thunderbird, LibreOffice, Evolution email client, and Evince PDF Reader can all be vulnerable.
If You’re Concerned About Online Security, Use These best password manager To securely lock your accounts, and maybe even use one of these best security key To add another layer of security