CVE-2009-2404

Publication date 3 August 2009

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

Status

Package Ubuntu Release Status
nss 9.04 jaunty
Fixed 3.12.3.1-0ubuntu0.8.04.1
8.10 intrepid
Fixed 3.12.3.1-0ubuntu0.8.04.1
8.04 LTS hardy
Fixed 3.12.3.1-0ubuntu0.8.04.1
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-810-1
    • NSS vulnerabilities
    • 4 August 2009

Other references