Mozilla Suite NSS Library Memory Leak Vulnerability

2006-06-27T00:00:00
ID SECURITYVULNS:DOC:13324
Type securityvulns
Reporter Securityvulns
Modified 2006-06-27T00:00:00

Description

Description: Mozilla Suite 1.7.1.3 is susceptible to affected to DoS-type memory leak vulnerability disclosed in Mozilla Network Security Services library implementation. This library is shipped with the newest Mozilla Suite browser.

Reportedly the Network Security Services (NSS) library will leak 256 bytes of memory per RSA cryptographic operation. After a certain amount of time, this causes the system to run out of memory and may lead to a system hang or panic state.

The following Network Security Services library version was shipped with the newest Mozilla Firefox 1.7.1.3: D:\Mozilla_Suite\nss3.dll (NSS Base Library) 3.9.3.0 (April 2006)

Solution status: No updated version available from the vendor at the time of reporting.

Timeline: 25-Jun-2006 - Vulnerability researched 26-Jun-2006 - Vendor was contacted 26-Jun-2006 - Security companies and several CERT units contacted

References: Sun Alert ID #102461: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1

NSS Project home page: http://www.mozilla.org/projects/security/pki/nss/

Best regards, Juha-Matti Laurio Networksecurity.fi http://www.networksecurity.fi/