CVE-2012-0441

2012-06-0523:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-0441

mozilla

nss

asn.1

decoder

vulnerability

denial of service

application crash

remote attack

9 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.104 Low

EPSS

Percentile

95.0%

JSON

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

CPENameOperatorVersion
mozilla:network_security_servicesmozilla network security serviceseq3.11.2
mozilla:seamonkeymozilla seamonkeyeq2.0.10
mozilla:seamonkeymozilla seamonkeyeq1.1.10
mozilla:network_security_servicesmozilla network security serviceseq3.6.1
mozilla:seamonkeymozilla seamonkeyeq2.5
mozilla:network_security_servicesmozilla network security serviceseq3.2
mozilla:seamonkeymozilla seamonkeyeq2.2
mozilla:seamonkeymozilla seamonkeyeq2.6
mozilla:firefoxmozilla firefoxeq4.0
mozilla:seamonkeymozilla seamonkeyeq1.0.3

CPE	Name	Operator	Version
mozilla:network_security_services	mozilla network security services	eq	3.11.2
mozilla:seamonkey	mozilla seamonkey	eq	2.0.10
mozilla:seamonkey	mozilla seamonkey	eq	1.1.10
mozilla:network_security_services	mozilla network security services	eq	3.6.1
mozilla:seamonkey	mozilla seamonkey	eq	2.5
mozilla:network_security_services	mozilla network security services	eq	3.2
mozilla:seamonkey	mozilla seamonkey	eq	2.2
mozilla:seamonkey	mozilla seamonkey	eq	2.6
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:seamonkey	mozilla seamonkey	eq	1.0.3