Denial of Service in Mozilla Network Security Services (NSS) due to ASN.1 Decoder Flaw
CVE-2012-0441

Currently unrated

Key Information:

Vendor

Mozilla
Status
Network Security Services
Seamonkey
Firefox
Thunderbird
Vendor
CVE Published:
5 June 2012

What is CVE-2012-0441?

The ASN.1 decoder in Mozilla Network Security Services (NSS) is susceptible to a Denial of Service attack when processing zero-length items. This can occur through various means, such as a zero-length basic constraint or a zero-length field in an OCSP response. Vulnerable versions include Firefox 4.x through 12.0, Thunderbird 5.0 through 12.0, and SeaMonkey before version 2.10. Attackers can exploit this flaw, leading to application crashes, thereby disrupting service and affecting user experience.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2012/mfsa2012-39...
x_refsource_CONFIRM
http://secunia.com/advisories/49976
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.