5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.104 Low
EPSS
Percentile
94.9%
Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 13 | |
firefox esr | lt | 10.0.5 | |
seamonkey | lt | 2.10 | |
thunderbird | lt | 13 | |
thunderbird esr | lt | 10.0.5 |