It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023)
Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399)
{ "availability": "No subscription required", "binaries": [ { "libnss3-nssdb": "2:3.28.4-0ubuntu0.16.04.11", "libnss3-1d": "2:3.28.4-0ubuntu0.16.04.11", "libnss3-dbgsym": "2:3.28.4-0ubuntu0.16.04.11", "libnss3": "2:3.28.4-0ubuntu0.16.04.11", "libnss3-dev": "2:3.28.4-0ubuntu0.16.04.11", "libnss3-dbg": "2:3.28.4-0ubuntu0.16.04.11", "libnss3-tools": "2:3.28.4-0ubuntu0.16.04.11", "libnss3-tools-dbgsym": "2:3.28.4-0ubuntu0.16.04.11" } ] }