Summary
This host has Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, or AOL Instant Messenger installed, and the installed product is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary code in the context of the affected application and may lead to denial of service.
Solution
Upgrade to NSS library 3.12.3 or later.
http://www.mozilla.org/projects/security/pki/nss/tools/
Insight
A flaw exists in the regular expression parser that the NSS library uses to match common names in certificates, and it may result in a heap-based buffer overflow.
It can be exploited via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Affected
Firefox/Thunderbird/SeaMonkey/Evolution/Pidgin/AOL Instant Messenger containing an NSS library version before 3.12.3.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-2404
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C