Mozilla » Network Security Services : Security Vulnerabilities, CVEs, Published In 2009 (Denial of service)
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Max CVSS
9.3
EPSS Score
60.45%
Published
2009-08-03
Updated
2018-10-03
1 vulnerabilities found