There are 3 open security issues in bullseye.
2 important issues:
- CVE-2023-6135:
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.
- CVE-2024-0743:
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
1 issue left for the package maintainer to handle:
- CVE-2023-5388:
(needs triaging)
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
You can find information about how to handle this issue in the security team's documentation.