The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html - | |
References | () http://secunia.com/advisories/49976 - | |
References | () http://secunia.com/advisories/50316 - | |
References | () http://www.debian.org/security/2012/dsa-2490 - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 - | |
References | () http://www.mozilla.org/security/announce/2012/mfsa2012-39.html - Vendor Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - | |
References | () http://www.securityfocus.com/bid/53798 - | |
References | () http://www.ubuntu.com/usn/USN-1540-1 - | |
References | () http://www.ubuntu.com/usn/USN-1540-2 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=715073 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701 - |
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:* |
21 Oct 2024, 13:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:* |
Information
Published : 2012-06-05 23:55
Updated : 2024-11-21 01:34
NVD link : CVE-2012-0441
Mitre link : CVE-2012-0441
CVE.ORG link : CVE-2012-0441
JSON object : View
Products Affected
mozilla
- seamonkey
- network_security_services
- thunderbird
- thunderbird_esr
- firefox
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer