4 matches found
USN-1540-1: NSS vulnerability
Kaspar Brand discovered a vulnerability in how the Network Security Services NSS ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash...
nss: NSS parsing errors with zero length items
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...
nss: NSS parsing errors with zero length items
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...
NSS parsing errors with zero length items — Mozilla
Security researcher Kaspar Brand found a flaw in how the Network Security Services NSS ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints,...