CVE-2009-2404

Published: 03/08/2009 | Updated: 03/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) prior to 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

Vulnerable Product

mozilla network_security_services 3.12.3

Vendor Advisories

Debian Bug report logs - #539934: CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities. Package: nss; Maintainer for nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>; Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>; Date: Tue, 4 Aug 2009 15:03:02 UTC; Severity: serious; Tag ...
Synopsis: Critical: nspr and nss security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact ...
Synopsis: Critical: nspr and nss security, bug fix, and enhancement update. Type/Severity: Security Advisory: Critical. Topic: Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical securit ...
Synopsis: Critical: nspr and nss security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Re ...
Synopsis: Critical: seamonkey security update. Type/Severity: Security Advisory: Critical. Topic: Updated seamonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Descr ...
USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem ...
USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS ...
Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program (CVE-2009-2404) ...
Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408: Dan Kami ...
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\0' character in a domain name ...
Mozilla Foundation Security Advisory 2009-43: Heap overflow in certificate regexp parsing. Announced: August 1, 2009. Reporter: Moxie Marlinspike. Impact: Critical. Products: Firefox, NSS, SeaMonkey, Thunderbird. Fixed in ...

References

CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=512912
http://www.securityfocus.com/bid/35891
http://rhn.redhat.com/errata/RHSA-2009-1185.html
http://secunia.com/advisories/36102
http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf
http://www.vupen.com/english/advisories/2009/2085
http://www.mozilla.org/security/announce/2009/mfsa2009-43.html
http://www.ubuntu.com/usn/usn-810-1
http://secunia.com/advisories/36125
http://secunia.com/advisories/36157
http://secunia.com/advisories/36088
http://secunia.com/advisories/36139
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
http://www.redhat.com/support/errata/RHSA-2009-1207.html
http://www.debian.org/security/2009/dsa-1874
http://secunia.com/advisories/36434
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
http://secunia.com/advisories/39428
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
http://secunia.com/advisories/37098
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174
https://usn.ubuntu.com/810-2/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934
https://nvd.nist.gov
https://usn.ubuntu.com/810-3/