|
Mozilla / NSS S/MIME Implementation Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA11096
|
|
|
Release Date:
|
2004-03-11
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Network Security Services (NSS) 3.x
|
| | CVE reference: | CVE-2003-0564 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system, has been reported in NSS (Network Security Services) security suite and Mozilla browsers shipping vulnerable versions of it.
The vulnerability is caused due to a handling error in the S/MIME (Secure/Multipurpose Internet Mail Extensions) implementation when parsing certain ASN.1 constructs. This can be exploited by sending a specially crafted S/MIME email containing an exceptional ASN.1 element to a user.
The vulnerability reportedly affects NSS 3.8 and prior as well as Mozilla browsers shipping affected versions.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
The vulnerability has been fixed in NSS 3.9 and Mozilla browsers shipping this version.
Provided and/or discovered by:
NISCC
Original Advisory:
NISCC:
http://www.uniras.gov.uk/vuls/2003/006489/smime.htm
Other References:
US-CERT VU#428230:
http://www.kb.cert.org/vuls/id/428230
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
38 Related Secunia Security Advisories, displaying 10
|
|
|
1. Network Security Services SSLv2 Processing Buffer Overflows
|
|
2. Network Security Services (NSS) Signature Forgery Vulnerability
|
|
3. Mozilla Suite Multiple Vulnerabilities
|
|
4. Network Security Services (NSS) Library Zlib Vulnerability
|
|
5. Mozilla Multiple Vulnerabilities
|
|
6. Mozilla Multiple Vulnerabilities
|
|
7. Mozilla Multiple Vulnerabilities
|
|
8. Mozilla Suite JavaScript Engine Information Disclosure Vulnerability
|
|
9. Mozilla Security Bypass and Buffer Overflow Vulnerabilities
|
|
10. Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
