• [SOLVED]Vulnerability-nss 3.72 critical-memory corruption

Posted: **Sat Dec 04, 2021 6:13 pm**

Output from;

sudo pkg audit -F

Fetching vuln.xml.xz: 100% 919 KiB 940.9kB/s 00:01
nss-3.72 is vulnerable:
NSS -- Memory corruption
CVE: CVE-2021-43527
WWW: https://vuxml.FreeBSD.org/freebsd/47695 ... 17024.html

1 problem(s) in 1 installed package(s) found.

Something i installed,perhaps? Installed 'fltk' from 'Software Station' yesterday. I think i might uninstall that.

Posted: **Sat Dec 04, 2021 7:42 pm**

More detail...
NSS 3.72
Fixed in 3.73 at https://github.com/freebsd/freebsd-port ... curity/nss

Note: This vulnerability does NOT impact Mozilla Firefox.
However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.

Steve

Posted: **Sun Dec 05, 2021 8:52 am**

You should report the security issues on our GitHub issue. It is more easy to follow up.

Posted: **Sun Dec 05, 2021 9:06 am**

I did start a build yesterday, and the update of NSS to 3.73 is coming.

Posted: **Sun Dec 05, 2021 9:13 am**

ericbsd wrote: ↑Sun Dec 05, 2021 8:52 am You should report the security issues on our GitHub issue. It is more easy to follow up.

I understand. Will do that from now on. Thank you for prompt response and being ahead of this issue for resolve.

[SOLVED]Vulnerability-nss 3.72 critical-memory corruption

[SOLVED]Vulnerability-nss 3.72 critical-memory corruption

Re: Vulnerability-nss 3.72 critical-memory corruption

Re: Vulnerability-nss 3.72 critical-memory corruption

Re: Vulnerability-nss 3.72 critical-memory corruption

Re: Vulnerability-nss 3.72 critical-memory corruption