Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) prior to 3.11.5, as used by Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, Thunderbird prior to 1.5.0.10, SeaMonkey prior to 1.0.8, and certain Sun Java System server products prior to 20070611, allows remote malicious users to execute arbitrary code via invalid "Client Master Key" length values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla network security services |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
debian debian linux 4.0 |
||
debian debian linux 3.1 |
||
canonical ubuntu linux 5.10 |
||
canonical ubuntu linux 6.10 |
||
canonical ubuntu linux 6.06 |