DescriptionHeap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2009:048, published Tue, 20 Oct 2009 17:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Server 11|| ||Patchnames: |
|SUSE Linux Enterprise Server for SAP Applications 11|| ||Patchnames: |
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:00:19 2013
CVE page last modified: Tue Nov 29 11:50:11 2022