Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) prior to 3.11.5, as used by Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, SeaMonkey prior to 1.0.8, Thunderbird prior to 1.5.0.10, and certain Sun Java System server products prior to 20070611, allows remote malicious users to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla network security services 3.11.4 |
||
mozilla firefox 0.9.3 |
||
mozilla firefox 0.9.2 |
||
mozilla firefox 0.3 |
||
mozilla firefox 0.4 |
||
mozilla firefox 1.0.5 |
||
mozilla firefox 1.0.4 |
||
mozilla firefox 1.5.0.5 |
||
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.5.0.7 |
||
mozilla firefox 1.5.0.8 |
||
mozilla seamonkey 1.0 |
||
mozilla thunderbird 1.0.6 |
||
mozilla thunderbird 0.7.1 |
||
mozilla thunderbird 1.0 |
||
mozilla thunderbird 0.6 |
||
mozilla thunderbird 0.3 |
||
mozilla thunderbird 1.5.0.4 |
||
mozilla thunderbird 1.5.0.6 |
||
mozilla firefox 2.0 |
||
mozilla firefox 0.10 |
||
mozilla firefox 0.8 |
||
mozilla firefox 0.9 |
||
mozilla firefox 0.6.1 |
||
mozilla firefox 0.1 |
||
mozilla firefox 0.2 |
||
mozilla firefox 1.5 |
||
mozilla firefox 1.0.8 |
||
mozilla firefox 1.5.0.12 |
||
mozilla firefox 1.5.0.1 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey 1.0.3 |
||
mozilla thunderbird 1.0.4 |
||
mozilla thunderbird 1.0.5 |
||
mozilla thunderbird 0.7.2 |
||
mozilla thunderbird 0.9 |
||
mozilla thunderbird 0.1 |
||
mozilla thunderbird 1.0.7 |
||
mozilla thunderbird 1.0.8 |
||
mozilla thunderbird 1.5.0.5 |
||
mozilla thunderbird 1.5 |
||
mozilla firefox 2.0.0.1 |
||
mozilla seamonkey |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 0.9.1 |
||
mozilla firefox 0.7 |
||
mozilla firefox 0.7.1 |
||
mozilla firefox 1.0.3 |
||
mozilla firefox 1.0.2 |
||
mozilla firefox 1.4.1 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.5.0.4 |
||
mozilla firefox 1.5.0.10 |
||
mozilla firefox 1.5.0.6 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 1.0.1 |
||
mozilla thunderbird 0.7.3 |
||
mozilla thunderbird 0.7 |
||
mozilla thunderbird 0.2 |
||
mozilla thunderbird 0.5 |
||
mozilla thunderbird 1.5.0.3 |
||
mozilla thunderbird |
||
mozilla network security services 3.11.3 |
||
mozilla network security services 3.11.2 |
||
mozilla firefox 1.0.1 |
||
mozilla firefox 0.5 |
||
mozilla firefox 0.6 |
||
mozilla firefox 1.0.7 |
||
mozilla firefox 1.0.6 |
||
mozilla firefox 1.5.0.3 |
||
mozilla firefox 1.5.0.11 |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey 1.0.5 |
||
mozilla thunderbird 1.0.2 |
||
mozilla thunderbird 1.0.3 |
||
mozilla thunderbird 1.0.1 |
||
mozilla thunderbird 0.8 |
||
mozilla thunderbird 0.4 |
||
mozilla thunderbird 1.5.0.8 |
||
mozilla thunderbird 1.5.0.7 |
||
mozilla thunderbird 1.5.0.1 |
||
mozilla thunderbird 1.5.0.2 |