Mozilla Products NSS Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 4 Aug 2009 5337 Views

RISK: Medium Risk

Medium Risk

Two vulnerabilities have been identified in Mozilla Firefox, Thunderbird and Seamonkey, which could be exploited by remote attackers to bypass security restrictions or compromise a vulnerable system. These issues are caused by errors in NSS.

1. A heap overflow in a regular expression parser when checking if the hostname of a visited web site matches the Common Name (CN) field of the presented certificate, which could allow attackers to execute arbitrary code via a malicious certificate.

2. Anerror when handling NULL characters in a certificate, which could allow man-in-the-middle attacks.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Mozilla Firefox versions 3.x
  • Mozilla Thunderbird versions 2.x
  • Mozilla SeaMonkey versions 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Mozilla Firefox - upgrade to Mozilla Firefox version 3.5 :
http://www.mozilla.com/firefox/

Mozilla SeaMonkey - do not browse untrusted websites.

Mozilla Thunderbird - do not open mails from untrusted sources.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities

3 Aug 2009 5420 Views

Next

Apple iPhone SMS Processing Memory Corruption Vulnerability

4 Aug 2009 5669 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY