CVE-2006-2788

Name of the Vulnerable Software and Affected Versions libnss3 versions (affected versions not specified) libnspr4 versions (affected versions not specified) libnspr-dev versions (affected versions not specified) libnss-dev versions (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the libnss3, libnspr4, libnspr-dev, and libnss-dev packages of the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. In the context of Firefox, a double free vulnerability in the getRawDER function for nsIX509Cert allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript code.

Recommendations For libnss3, consider updating to a version that includes the necessary security patches. For libnspr4, restrict access to vulnerable functions until a patch is available. For libnspr-dev, avoid using the vulnerable package until the issue is resolved. For libnss-dev, as a temporary workaround, consider disabling the vulnerable components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.