Several vulnerabilities have been discovered in Mozilla"s Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject"s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution , these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution , these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages.