BigSig: Vulnerability in Mozilla NSS Could Allow Code Execution when Handling Certificates

December 4, 2021 | by Arround The Web | No comments

BigSig: Vulnerability in Mozilla NSS Could Allow Code Execution when Handling Certificates

A cryptographic library set NSS Mozilla (Network Security Services) has been identified in the critical vulnerability (( CVE-2021-43527 CVE-2021-43527)) that could lead to malicious code execution when processing DSA or RSA-PSS digital signatures specified using the DER ( Distinguished Encoding Rules). The issue codenamed BigSig has been fixed in NSS 3.73 and NSS ESR 3.68.1. Distribution package updates are available for Debian, RHEL, Ubuntu, SUSE, Arch Linux, Gentoo, FreeBSD. Updates for not yet available Fedora are.

The post BigSig: Vulnerability in Mozilla NSS Could Allow Code Execution when Handling Certificates appeared first on Linux Today.

Source: Linux Today

BigSig: Vulnerability in Mozilla NSS Could Allow Code Execution when Handling Certificates

Leave a Reply Cancel reply