CVE-2012-0441

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services; Seamonkey; Firefox; Thunderbird
Vendor: CVE Published:; 5 June 2012

Summary

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2012/mfsa2012-39...

x_refsource_CONFIRM

http://secunia.com/advisories/49976

third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 5, 2012
Vulnerability Reserved
Jan 9, 2012