Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system.
1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate.
Successful exploitation may allow execution of arbitrary code.
2) An error exists in the parsing of certain certificate fields, which can be exploited to, for example, cause a client to mistakenly accept a specially crafted certificate.
Solution: Update to version 3.12.3 or later.
Provided and/or discovered by: The vendor credits:
1) Moxie Marlinspike
2) Dan Kaminsky
Original Advisory: Mozilla Foundation:
Red Hat Bugzilla: