CVE-2012-0441

Published: 06 June 2012

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

Priority

Medium

Status

Package           Release    Status
firefox           Upstream   Released (13.0)
nss               Upstream   Released (3.13.4)
    Patches:
    Vendor: http://anonscm.debian.org/gitweb/?p=pkg-mozilla/nss.git;a=commitdiff;h=6c06f9c38d26a18c6c056c4fd3bd8a9538a3936b
seamonkey         Upstream   Needs triage
thunderbird       Upstream   Released (13.0)
xulrunner-1.9.2   Upstream   Not vulnerable
xulrunner-2.0     Upstream   Needs triage