CVE-2009-2404 – nss regexp heap overflow
https://notcve.org/view.php?id=CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. Desbordamiento de búfer basado en memoria dinámica en el analizador de expresiones regulares en Mozilla NetWork Security Services (NSS) anteriores a 3.12.3 como las utilizadas en Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, y AOL Instant Messenger (AIM), permite a servidores SSL remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecución de código de su elección a través de un nombre de dominio largo en el campo Common Name (CN) en un certificado X.509, relativo a la función cert_TestHost_Name. • http://rhn.redhat.com/errata/RHSA-2009-1185.html http://secunia.com/advisories/36088 http://secunia.com/advisories/36102 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/37098 http://secunia.com/advisories/39428 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v3.12.3 no tratan apropiadamente un carácter '\0' en un nombre de dominio en el campo nombre común (CN) del asunto de un certificado X.509, que permite a un atacante de hombre-en-el-medio suplantar servidores SSL arbitrarios a través de un certificado manipulado por una autoridad de certificación. • http://isc.sans.org/diary.html?storyid=7003 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://marc.info/?l=oss-security&m=125198917018936&w=2 http://osvdb.org/56723 http://secunia.com/advisories/36088 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/36669 http://secunia.com/advisories/37098 http://sunsolve.sun.com • CWE-295: Improper Certificate Validation •
CVE-2007-0009 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0009
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Un desbordamiento de búfer en la región stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a versión 3.11.5, tal y como es usado por Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, Thunderbird anterior a versión 1.5.0.10, SeaMonkey anterior a versión 1.0.8, y ciertos productos de servidor Sun Java System anterior al 20070611, permite a los atacantes remotos ejecutar código arbitrario por medio de valores de longitud "Client Master Key" no válidos. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2709 http://fedoranews.org/cms/node/2711 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 http://lists.suse.com/archive/suse-s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0008 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0008
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Un subdesbordamiento de enteros en el soporte SSLv2 en Mozilla Network Security Services (NSS) versiones anteriores a 3.11.5, como es usado por Firefox versiones anteriores a 1.5.0.10 y versiones 2.x anteriores a 2.0.0.2, SeaMonkey versiones anteriores a 1.0.8, Thunderbird versiones anteriores a 1.5.0.10, y ciertos productos de servidor de Sun Java System anteriores a 20070611, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje de servidor SSLv2 especialmente diseñado que contiene una clave pública que es demasiado corta para cifrar el "Master Secret", lo resulta en un desbordamiento en la región heap de la memoria. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2709 http://fedoranews.org/cms/node/2711 http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://labs.idefense.com/ • CWE-189: Numeric Errors •
CVE-2006-5462
https://notcve.org/view.php?id=CVE-2006-5462
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. La biblioteca Mozilla Network Security Service (NSS) en versiones anteriores a la 3.11.3, como el usado en el Mozilla Firefox en versiones anteriores a la 1.5.0.8, en el Thunderbird anterior a la versión 1.5.0.8 y en el SeaMonkey anteriores a la versión 1.0.6, cuando utiliza una clave RSA con exponente 3, no gestiona apropiadamente datos extra en la firma, lo cual permiten a atacantes remotos falsificar firmas para los certificados de correo electrónico SSL/TLS. NOTA: este identificador es para versiones de productos no parchados, que inicialmente se vieron en el CVE-2006-4340. • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://rhn.redhat.com/errata/RHSA-2006-0733.html http://rhn.redhat.com/errata/RHSA-2006-0734.html http://rhn.redhat.com/errata/RHSA-2006-0735.html http://secunia.com/advisories/22066 http://secunia.com/advisories/22722 http://secunia.com/advisories/22727 http://secunia.com/advisories/22737 http://secunia.com/advisories/22763 http://secunia.com/advisories/22770 http://secunia.com/advisories/22815 http& •