Denial of Service in Mozilla Network Security Services (NSS) due to ASN.1 Decoder Flaw
CVE-2012-0441

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services; Seamonkey; Firefox; Thunderbird
Vendor: CVE Published:; 5 June 2012

What is CVE-2012-0441?

The ASN.1 decoder in Mozilla Network Security Services (NSS) is susceptible to a Denial of Service attack when processing zero-length items. This can occur through various means, such as a zero-length basic constraint or a zero-length field in an OCSP response. Vulnerable versions include Firefox 4.x through 12.0, Thunderbird 5.0 through 12.0, and SeaMonkey before version 2.10. Attackers can exploit this flaw, leading to application crashes, thereby disrupting service and affecting user experience.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2012/mfsa2012-39...

x_refsource_CONFIRM

http://secunia.com/advisories/49976

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2012
Vulnerability Reserved
Jan 9, 2012