Opened 2 years ago
Closed 2 years ago
#17627 closed enhancement (fixed)
nss-3.88.1
Reported by: | Bruce Dubbs | Owned by: | |
---|---|---|---|
Priority: | elevated | Milestone: | 11.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version.
Change History (4)
comment:1 by , 2 years ago
Owner: | changed from | to
---|
comment:2 by , 2 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Updated at b66736fb6e35bef0ab462ef9f3abad3cb50b881f 11.2-1104.
comment:3 by , 2 years ago
Priority: | normal → elevated |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
Belatedly marking as elevated because of Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. Now that the firefox 102.8.0 and 110.0 release notes are out, this is CVE-2023-0767 An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled, rated High.
comment:4 by , 2 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Security Advisory sa-11.2-091 created.
Note:
See TracTickets
for help on using tickets.
The release notes for 3.88.1 have not yet appeared at https://firefox-source-docs.mozilla.org/security/nss/releases/, those from 3.88 (released on 9th Feb) are there and I found the commit for the 3.88.1 release notes at https://hg.mozilla.org/projects/nss/rev/440449e7be40fc70b65792961485a85d6cab97e3.
Only one change since 3.88,