CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.8%
Heap-based buffer overflow in a regular-expression parser in Mozilla
Network Security Services (NSS) before 3.12.3, as used in Firefox,
Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM),
allows remote SSL servers to cause a denial of service (application crash)
or possibly execute arbitrary code via a long domain name in the subjectβs
Common Name (CN) field of an X.509 certificate, related to the
cert_TestHostName function.