CVE-2009-2404
published 2009-08-03CVE-2009-2404: Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nss | < nss 3.12.3-1 (bookworm) | nss 3.12.3-1 (bookworm) |
| mozilla | network_security_services | — | — |
| mozilla | nss | >= 0 < 3.12.3-1 | 3.12.3-1 |
| mozilla | nss | >= 0 < 3.12.3-1 | 3.12.3-1 |
| mozilla | nss | >= 0 < 3.12.3-1 | 3.12.3-1 |
| mozilla | nss | >= 0 < 3.12.3-1 | 3.12.3-1 |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL