Mozilla’s Network Security Services (NSS): New packages fix cryptographic weaknesses

Users of Mozilla’s Network Security Services (NSS) please be advised of a New packages fix cryptographic weaknesses that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

DSA 2123-1: [DSA 2123-1] New NSS packages fix cryptographic weaknesses
Several vulnerabilities have been discovered in Mozilla’s Network

Security Services (NSS) library. The Common Vulnerabilities and

Exposures project identifies the following problems:

NSS recognizes a wildcard IP address in the subject’s Common

Name field of an X.509 certificate, which might allow

man-in-the-middle attackers to spoof arbitrary SSL servers via

a crafted certificate issued by a legitimate Certification


NSS does not properly set the minimum key length for

Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for

remote attackers to defeat cryptographic protection mechanisms

via a brute-force attack.