Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Mozilla Fixes Critical Bug in Cross-platform Cryptography Library

Mozilla Fixes Critical Bug in Cross-platform Cryptography Library

Mozilla has addressed a critical memory corruption vulnerability affecting its cross-platform Network Security Services (NSS) set of cryptography libraries.

NSS can be used to develop security-enabled client and server apps with support for SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards.

The security flaw was found by Google vulnerability researcher Tavis Ormandy in NSS versions before 3.73 or 3.68.1 ESR—who also dubbed it BigSig—and is now tracked as CVE-2021-43527.

Also Read: Basic Info On How Long To Keep Accounting Records In Singapore?

It can lead to a heap-based buffer overflow when handling DER-encoded DSA or RSA-PSS signatures in email clients and PDF viewers using vulnerable NSS versions (the bug has been fixed in NSS 3.68.1 and NSS 3.73).

The impact of successful heap overflow exploitation can range from program crashes and arbitrary code execution to bypassing security software if code execution is achieved.

This is a major memory corruption flaw in NSS, almost any use of NSS is affected. The Mozilla advisory is here— Tavis Ormandy (@taviso) December 1, 2021

All versions released since October 2012 vulnerable

“Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted,” Mozilla said in a security advisory issued today.

“Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.”

“We believe all versions of NSS since 3.14 (released October 2012) are vulnerable,” Ormandy added on the Project Zero issue tracker.

“Mozilla plan to produce a thorough list of affected APIs – but the summary is any standard use of NSS is affected. The bug is simple to reproduce and affects multiple algorithms.”

Luckily, according to Mozilla, this vulnerability doesn’t impact the Mozilla Firefox web browser. However, all PDF viewers and email clients which use NSS for signature verification are believed to be impacted.

Also Read: Data Centre Regulations Singapore: Does It Help To Progress?

NSS is used by Mozilla, Red Hat, SUSE, and others in a wide variety of products, including:

  • Firefox, Thunderbird, SeaMonkey, and Firefox OS.
  • Open-source client applications such as Evolution, Pidgin, Apache OpenOffice, and LibreOffice.
  • Server products from Red Hat: Red Hat Directory Server, Red Hat Certificate System, and the mod_nss SSL module for the Apache webserver.
  • Server products from Oracle (formerly Sun Java Enterprise System), including Oracle Communications Messaging Server and Oracle Directory Server Enterprise Edition.
  • SUSE Linux Enterprise Server supports NSS and the mod_nss SSL module for the Apache webserver.

“If you are a vendor that distributes NSS in your products, you will most likely need to update or backport the patch,” Ormandy said.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us