The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) prior to 3.19.2.1 and 3.20.x prior to 3.20.1, as used in Firefox prior to 42.0 and Firefox ESR 38.x prior to 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla network security services |
||
mozilla network security services 3.20.0 |
||
mozilla firefox |
||
mozilla firefox esr 38.0.5 |
||
mozilla firefox esr 38.1.0 |
||
mozilla firefox esr 38.2.1 |
||
mozilla firefox esr 38.3.0 |
||
mozilla firefox esr 38.1.1 |
||
mozilla firefox esr 38.2.0 |
||
mozilla firefox esr 38.0 |
||
mozilla firefox esr 38.0.1 |
SSL/TLS library flaws found, anti-analytics missiles deployed
Mozilla has released Firefox 42 and Firefox ESR 38 38.4, which include fixes for worrying security vulnerabilities in the web browser. The November 3 update squashes at least three bugs that can be potentially exploited to achieve remote code execution. Two Mozilla engineers, Tyson Smith and David Keeler, uncovered two flaws (CVE-2015-7181 and CVE-2015-7182) in NSS, a toolkit used by Firefox to encrypt web traffic over SSL/TLS. By exploiting "a use-after-poison and buffer overflow in the ASN.1 d...