Mozilla has patched a critical memory corruption vulnerability known as BigSig in Network Security Services (NSS), its cross-platform set of cryptography libraries. The flaw affects versions prior to 3.73 or 3.68.1 ESR. NSS can be used to create secure client and server applications that handle SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security protocols. Tracked as CVE-2021-43527, the vulnerability can lead to a heap-based buffer overflow when email clients and PDF viewers using vulnerable NSS versions handle DER-encoded DSA or RSA-PSS signatures. Successful exploitation can lead to application crashes and arbitrary code execution and, if code execution is achieved, to a bypass of security software. Depending on how NSS is configured, applications may be impacted if they use NSS to handle signatures encoded in CMS, S/MIME, PKCS #7, or PKCS #12, as well as for certificate validation or other TLS, X.509, OCSP, or CRL capabilities. Further, researchers think that this issue affects all versions of NSS since 3.14 (released in October 2012).
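The version boundaries above can be turned into an inventory triage check. The following is an added example, not code from Mozilla or NSS; the host names and version strings in the sample inventory are constructed, and the status labels are this example's own. It shows why a plain "older than 3.73" comparison is wrong: 3.68.1 and later releases on the 3.68 ESR branch are fixed even though they sort below 3.73.

```python
import re

# Boundaries taken from the article text above.
FIRST_AFFECTED = (3, 14, 0)   # researchers: affects all versions since 3.14
FIXED_ESR = (3, 68, 1)        # fixed in 3.68.1 ESR
ESR_BRANCH_END = (3, 69, 0)   # first version past the 3.68 ESR branch
FIXED_MAINLINE = (3, 73, 0)   # fixed in 3.73

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_nss_version(text):
    """Return (major, minor, patch) from '3.68.1' or '3.67.0-7.el8', else None."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(text):
    """Classify one NSS version string against the CVE-2021-43527 boundaries."""
    v = parse_nss_version(text)
    if v is None:
        return "unknown"
    if v < FIRST_AFFECTED:
        return "not-known-affected"
    if FIXED_ESR <= v < ESR_BRANCH_END or v >= FIXED_MAINLINE:
        return "fixed"
    # Distribution packages may backport the fix without changing the upstream
    # version number, so confirm these against the vendor advisory.
    return "vulnerable"


def triage(inventory):
    """Map each host to the status of its reported NSS version."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "mail-gw": "3.68",
    "pdf-render": "3.68.1",
    "legacy-app": "3.13.6",
    "build-host": "3.67.0-7.el8",
    "desktop": "3.73",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {status}")
```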