Mozilla patches critical security flaw that impacts several popular software offerings

Google cybersecurity researchers have helped patch a critical memory corruption vulnerability affecting Mozilla’s cross-platform Network Security Services (NSS) set of cryptography libraries.

“I’ve discovered a critical vulnerability in Network Security Services (NSS). NSS is the Mozilla project’s cross-platform cryptography library. In 2021, all good bugs need a catchy name, so I’m calling this one “BigSig”,” writes Google Project Zero’s Tavis Ormandy

According to Ormandy, the vulnerability, tracked as CVE-2021-43527, and rated as critical, could have led to a heap-based buffer overflow while verifying DER-encoded DSA or RSA-PSS signatures in several email clients and PDF viewers that use the buggy NSS versions.

>> Click here to start the survey in a new window <<

” data-widget-type=”deal”>

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Rated critical

Reporting on the development BleepingComputer explains that NSS is used in the development of several security-enabled client and server apps and supports SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards.

In his explanation, Ormandy adds that the bug probably affects all versions of NSS since 3.14, which was released almost a decade ago in October 2012. If exploited, the bug could cause the application to crash, or even enable attackers to execute arbitrary code.

Mozilla has fixed the bug in NSS 3.68.1 and NSS 3.73, and in its advisory has clarified that it doesn’t affect Firefox, Mozilla’s popular web browser. Instead it believes that open source apps that use NSS for verifying signatures such as Thunderbird, LibreOffice, Evolution email client, and Evince PDF reader could all be vulnerable.

If you are concerned about online security, use these best password managers to securely lock your accounts, and perhaps even use one of these best security keys to add another layer of protection

News Related

OTHER NEWS

Some iPhone 13s are suffering from pink screens, but there might be a simple fix

The iPhone 13 and its siblings are excellent phones – when they work, but a growing number of users seem to be encountering a concerning problem with the range, namely ... Read more »

Umbrella Academy season 3 powers up its cast with Euphoria star's addition

The Umbrella Academy season 3 is set to introduce another new face after a Euphoria star confirmed that they’d been cast in the Netflix show. Javon Walton, who portrays Ashtray ... Read more »

Apple extends in-app purchase exemption for online group events

Apple has once again extended its deadline requiring in-app purchases for paid online group events within iOS apps till June 30.In 2020, Apple announced to support apps and developers that ... Read more »

Xbox series X stock - live: Argos and EE restocks are available this morning – how to get one

We’re expecting more retailers to restock the Xbox in the UK soon (iStock/The Independent) Update: The Xbox series X is in stock at Argos and for EE customers. Read on ... Read more »

First picture of 'funny and quiet' teen, 16, stabbed to death in Manchester

Kennie Carter, 16, died after he was stabbed in Stretford, Greater Manchester. (Reach) This is the first picture of a 16-year-old boy described as a “beautiful young soul”, who died ... Read more »

Call the Midwife: viewers all have same complaint about episode four

The BBC's popular period drama, Call the Midwife, continued on Sunday night with its fourth episode of the new series – and viewers all had the same complaint. MORE: This ... Read more »

Louis Vuitton sees big interest on Kuaishou as fashion show live-stream outperforms Douyin, Weibo and Tencent Video

French fashion house Louis Vuitton (LV), a popular luxury brand in China, has found a huge new audience in an unlikely place: Kuaishou Technology, the short video-sharing platform known for ... Read more »

Pixel 6a release date: A-series phone could be launched at Google's next I/O conference

Google Pixel 6 Pro | Photo credit: Obi Onyeador / Unsplash Google is expected to announce a new A-series phone based on the Pixel 6 generation this year. Many may have anticipated the ... Read more »

Steam Deck support for games using Easy Anti-Cheat will be easier to process, Valve tells developers

Steam Deck | Photo credit: Valve / YouTube screenshot The start of Steam Deck deliveries is expected to happen soon, and Valve has a new update for game developers that ... Read more »

Yakuza director announces new studio after leaving Sega

Toshihiro Nagoshi, former chief creative officer at Sega, where he led development of the Yakuza series as general director of Ryu Ga Gotoku Studio, has announced his next move. He’s ... Read more »

iPad Pro 2022 leak points to a big upgrade for the 11-inch tablet

While the 2021 iPad Pros had a big display gulf between the 11-inch and 12.9-inch versions, that looks set to change with the iPad Pro (2022) if a new leak ... Read more »

Google says it will have to censor search results if court ruling isn't overturned

Google said the ruling would have a devastating impact on the internet Google has appealed to the High Court in Australia to overturn a decision awarded against it in 2020. ... Read more »

Deputy PM: Very significant risk of Russia invading Ukraine

Deputy Prime Minister Dominic Raab says there is a “very significant risk” that Russia will mount an invasion of Ukraine and insists that the UK, along with allies will impose ... Read more »

Korea sees huge drop in employment in manufacturing industry

(Yonhap)South Korea’s manufacturing industry saw a huge drop in the number of employed in recent years mainly due to the companies’ contracted local investment and restructuring among shipbuilding and auto ... Read more »

Protestors march against NHS staff vaccine mandate

Protestors have taken to the streets in central London to march against the government’s mandatory vaccine policy for NHS staff which is set to come into force on 1st April. ... Read more »

Stars eulogize 'Bat Out of Hell' rocker Meat Loaf

Incomparable rock star Meat Loaf, whose 1977 debut “Bat Out of Hell” remains one of the best-selling albums of all time, has died, his family said in a statement released ... Read more »

Delaware Police Lift SUV to Rescue 70-Year-Old Woman Pinned Underneath

Officers with the New Castle County Police lifted an SUV to free a 70-year-old woman who was trapped underneath the vehicle on January 19. Police said they found the woman ... Read more »

This Talent Marketplace Is Using Crypto To Transform Work For Remote Engineers Globally

Hiring technical talent has been one of the biggest challenges of the startup and corporate world in the past decade. With the world going remote, access to talent has expanded, ... Read more »

Odds on: Who could replace Boris Johnson?

Boris Johnson is clinging to his premiership as allegations of Covid rule-breaking pile up. But if he goes, which Conservative MPs will throw their hats into a leadership race and ... Read more »

New Zealand PM cancels wedding amid new restrictions

New Zealand will impose mask rules and limit gathering from midnight on Sunday after a cluster of nine COVID-19 Omicron cases showed community spread from the North to South islands ... Read more »

‘Dark Souls' servers are down as FromSoftware, Bandai address new exploit that could let hackers control players' PCs

Photo credit: Bandai Namco Entertainment America / YouTube screenshot Over the last few days, avid “Dark Souls” players have likely stumbled upon the reported remote code execution (RCE) exploit. FromSoftware ... Read more »

Micromax In Note 2 smartphone to launch tomorrow: Confirmed specifications

NEW DELHI: Micromax is all set to expand its smartphone lineup in India. The company has confirmed the launch of the In Note 2 smartphone in the country. The Indian ... Read more »

Samsung starts taking pre-orders for Galaxy S22 smartphones series

NEW DELHI: Samsung has already confirmed that it will launch its next-generation flagship smartphone series next month. Now, the South Korean tech giant has started taking pre-orders for the upcoming ... Read more »

Emmerdale stars Max Parker and Kris Mochrie announce engagement

Emmerdale stars Max Parker and Kris Mochrie have confirmed they are engaged. The actors announced their engagement with a series of photos on Instagram. “He deserved the world, but the ... Read more »

European Parliament approves proposal to ban targeted ads

The European Parliament has approved a draft set of measures to tackle illegal content, especially targeted advertising, and to ensure that social media platforms are held accountable for their algorithms ... Read more »

Australia PM loses control of WeChat Chinese account

Australia’s Prime Minister Scott Morrison‘s Liberal Party lost access to his official WeChat social media account months ago, politicians said on Monday, issuing claims of censorship, while the still-active account ... Read more »

WhatsApp is adding this mobile feature to desktop app

Meta-owned WhatsApp is reportedly planning to bring a new security feature for its desktop and web users. According to a report by WaBetaInfo, the instant chat platform may bring two-step ... Read more »

Samsung Galaxy S22 price leak suggests Ultra model will only get 8GB and 12GB RAM options

Samsung Galaxy S21 Ultra | Photo credit: Salman Majeed / Unsplash A new leak from a reliable source has debunked speculations that the Galaxy S22 series would be cheaper. While the starting prices ... Read more »

TikTok in Japan pays influencers without informing viewers to spread videos

The logo of video-sharing social networking service TikTok is seen in a photo taken in Tokyo on Aug 1, 2020. (Kyodo photo) TOKYO: The Japan operator of the popular Chinese ... Read more »

Microsoft is force upgrading these Windows users

Microsoft has confirmed that it will support Windows 10 until at least 2025, but the company won’t add any new features to the operating system. Now, the tech giant has ... Read more »

Toshiba halts operations at chip plant after earthquake

Toshiba Corp said on Monday that it had suspended operations at a plant in Oita, southern Japan that makes semiconductors used in cars and industrial machinery, after a strong earthquake ... Read more »

Redmi Note 11S launch date in India announced, to be available via Amazon

Redmi Note 11S will go official in India on February 9. Xiaomi has announced the launch date of the phone via Twitter. The company has also created a microsite of ... Read more »

Ola gets a $200 million push for electric two-wheelers

Ola Electric on Monday announced it has raised over $200 million from Tekne Private Ventures, Alpine Opportunity Fund, Edelweiss and others.The latest round values the company at $5 billion.“We have ... Read more »

Oppo Reno7 series to launch in India on February 4

Smartphone brand Oppo has announced the launch date of the Reno7 smartphone series in India. The company will unveil the phones on February 4. The series will consist of Oppo ... Read more »

Korea's contradictory nuclear energy policy raises eyebrows

Wolseong 1 nuclear reactor in Gyeongju, North Gyeongsang Province. Korea Times file Gov’t eager to shut down nuclear plants, while seeking to build many abroad By Lee Kyung-min The Moon ... Read more »

Elections 2022 | BJP, other parties and Koo lead political ad spending on Facebook

Representative image. (Source: Shutterstock) The Bharatiya Janata Party (BJP) and rivals like the Congress continue to lead the political ad race on Facebook with just a few weeks to go ... Read more »

OPPO Reno 7, Reno 7 Pro India launch on February 4: Check expected price, specifications

Oppo Reno 7 Pro features a MediaTek Dimensity 1200-Max. Oppo Reno 7 series India launch date has been announced. The Oppo Reno 7 and Reno 7 Pro India launch event ... Read more »

Royal Navy seizes a tonne of drugs worth £15m in Gulf of Oman

More than one tonne of drugs worth more than £15m has been seized by the Royal Navy in its first bust of the year. (SWNS) Drugs weighing over a tonne ... Read more »

SK, KT rethink attending MWC amid Omicron variant

Visitors arrive at the Mobile World Congress (MWC) fair in Barcelona, Spain, June 28, 2021. AFP-Yonhap By Baek Byung-yeul SK Telecom and KT are agonizing over the size of their ... Read more »

[Behind the Wheel] Polestar 2, simple but powerful

Polestar Korea launches its performance and design driven electric car Polestar 2. (Polestar Korea)The Polestar 2, the first Polestar car to hit the Korean roads, is a performance-driven car, living ... Read more »
On free-english-test.com you will find lots of free English exam practice materials to help you improve your English skills: grammar, listening, reading, writing, ielts, toeic