CVE-2009-2408
firefox/nss: doesn't handle NULL in Common Name properly
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Mozilla Firefox anterior a v3.5 y NSS anterior a v3.12.3 no tratan apropiadamente un carácter '\0' en un nombre de dominio en el campo nombre común (CN) del asunto de un certificado X.509, que permite a un atacante de hombre-en-el-medio suplantar servidores SSL arbitrarios a través de un certificado manipulado por una autoridad de certificación.
Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-07-09 CVE Reserved
- 2009-07-30 CVE Published
- 2024-08-07 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (31)
| URL | Tag | Source |
|---|---|---|
| http://isc.sans.org/diary.html?storyid=7003 | Broken Link | |
| http://marc.info/?l=oss-security&m=125198917018936&w=2 | Mailing List | |
| http://osvdb.org/56723 | Broken Link | |
| http://secunia.com/advisories/36669 | Broken Link | |
| http://secunia.com/advisories/37098 | Broken Link | |
| http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h | Broken Link | |
| http://www.securitytracker.com/id?1022632 | Broken Link | |
| http://www.vupen.com/english/advisories/2009/3184 | Broken Link | |
| http://www.wired.com/threatlevel/2009/07/kaminsky | Media Coverage | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 | Broken Link | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 3.0.13 Search vendor "Mozilla" for product "Firefox" and version " < 3.0.13" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | < 3.12.3 Search vendor "Mozilla" for product "Network Security Services" and version " < 3.12.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | < 1.1.18 Search vendor "Mozilla" for product "Seamonkey" and version " < 1.1.18" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 2.0.0.23 Search vendor "Mozilla" for product "Thunderbird" and version " < 2.0.0.23" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | >= 10.3 <= 11.1 Search vendor "Opensuse" for product "Opensuse" and version " >= 10.3 <= 11.1" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Search vendor "Suse" for product "Linux Enterprise" | 10.0 Search vendor "Suse" for product "Linux Enterprise" and version "10.0" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Search vendor "Suse" for product "Linux Enterprise" | 11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04" | - |
Affected
| ||||||