Vulnerabilities > CVE-2009-2404 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Network Security Services 3.12.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mozilla

CWE-119

nessus

NVD

Published: 2009-08-03

Updated: 2018-10-03

Summary

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Network Security Services 3.12.3 Mozilla Firefox * Mozilla Seamonkey * Mozilla Thunderbird *	4
Application	Aol AOL Instant Messenger *	1
Application	Gnome Gnome Evolution *	1
Application	Pidgin Pidgin Pidgin *	1

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1874.NASL
description	Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. - CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. - CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they
last seen	2020-06-01
modified	2020-06-02
plugin id	44739
published	2010-02-24
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44739
title	Debian DSA-1874-1 : nss - several vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1185.NASL
description	Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library (provided by SeaMonkey) used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running SeaMonkey. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. All SeaMonkey users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, SeaMonkey must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	40440
published	2009-07-31
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40440
title	RHEL 3 : seamonkey (RHSA-2009:1185)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_LIBFREEBL3-090812.NASL
description	The Mozilla NSS security framework was updated to version 3.12.3.1. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
last seen	2020-06-01
modified	2020-06-02
plugin id	40652
published	2009-08-20
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40652
title	openSUSE Security Update : libfreebl3 (libfreebl3-1201)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLA-NSPR-6541.NASL
description	The Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
last seen	2020-06-01
modified	2020-06-02
plugin id	42190
published	2009-10-20
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42190
title	SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6541)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1207.NASL
description	Updated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	63889
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63889
title	RHEL 5 : nspr and nss (RHSA-2009:1207)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1185.NASL
description	From Red Hat Security Advisory 2009:1185 : Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library (provided by SeaMonkey) used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running SeaMonkey. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. All SeaMonkey users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, SeaMonkey must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	67903
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67903
title	Oracle Linux 3 : seamonkey (ELSA-2009-1185)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-197.NASL
description	Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
last seen	2020-06-01
modified	2020-06-02
plugin id	40522
published	2009-08-10
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40522
title	Mandriva Linux Security Advisory : nss (MDVSA-2009:197-3)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12521.NASL
description	seamonkey was updated to version 1.1.18, fixing various security issues : - Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. (MFSA 2009-43 / CVE-2009-2404) - IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. (MFSA 2009-42 / CVE-2009-2408)
last seen	2020-06-01
modified	2020-06-02
plugin id	42200
published	2009-10-22
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42200
title	SuSE9 Security Update : epiphany (YOU Patch Number 12521)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1186.NASL
description	Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The packages with this update are identical to the packages released by RHBA-2009:1161 on the 20th of July 2009. They are being reissued as a Red Hat Security Advisory as they fixed a number of security issues that were made public today. If you are installing these packages for the first time, they also provide a number of bug fixes and add an enhancement, as detailed in RHBA-2009:1161. Since the packages are identical, there is no need to install this update if RHBA-2009:1161 has already been installed. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues and add an enhancement.
last seen	2020-06-01
modified	2020-06-02
plugin id	40441
published	2009-07-31
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40441
title	RHEL 5 : nspr and nss (RHSA-2009:1186)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_LIBFREEBL3-090812.NASL
description	The Mozilla NSS security framework was updated to version 3.12.3.1. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
last seen	2020-06-01
modified	2020-06-02
plugin id	40645
published	2009-08-20
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40645
title	openSUSE Security Update : libfreebl3 (libfreebl3-1201)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090731_NSPR_AND_NSS_FOR_SL_5_X.NASL
description	CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn
last seen	2020-06-01
modified	2020-06-02
plugin id	60632
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60632
title	Scientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090730_SEAMONKEY_ON_SL3_X.NASL
description	CVE-2009-2404 nss regexp heap overflow Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library (provided by SeaMonkey) used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running SeaMonkey. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. After installing the updated packages, SeaMonkey must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	60630
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60630
title	Scientific Linux Security Update : seamonkey on SL3.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_SEAMONKEY-6538.NASL
description	seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
last seen	2020-06-01
modified	2020-06-02
plugin id	42327
published	2009-10-30
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42327
title	openSUSE 10 Security Update : seamonkey (seamonkey-6538)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2010-0001_REMOTE.NASL
description	The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Network Security Services (NSS) - NetScape Portable Runtime (NSPR)
last seen	2020-06-01
modified	2020-06-02
plugin id	89735
published	2016-03-08
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89735
title	VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1184.NASL
description	Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced
last seen	2020-06-01
modified	2020-06-02
plugin id	40439
published	2009-07-31
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40439
title	RHEL 4 : nspr and nss (RHSA-2009:1184)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-810-3.NASL
description	USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. We apologize for the inconvenience. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	65117
published	2013-03-09
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65117
title	Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL
description	CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn
last seen	2020-06-01
modified	2020-06-02
plugin id	60631
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60631
title	Scientific Linux Security Update : nspr and nss for SL 4.x on i386/x86_64

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-810-2.NASL
description	USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40491
published	2009-08-05
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40491
title	Ubuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)

NASL family	Windows
NASL id	MOZILLA_FIREFOX_3013.NASL
description	The installed version of Firefox is earlier than 3.0.13. Such versions are potentially affected by the following security issues : - The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42) - A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43) - The location bar and SSL indicators can be spoofed by calling window.open() on an invalid URL. A remote attacker could use this to perform a phishing attack. (MFSA 2009-44) - Unspecified JavaScript-related vulnerabilities can lead to memory corruption, and possibly arbitrary execution of code. (MFSA 2009-45)
last seen	2020-06-01
modified	2020-06-02
plugin id	40478
published	2009-08-04
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40478
title	Firefox < 3.0.13 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1190.NASL
description	Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide fixes for the following bugs : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced
last seen	2020-06-01
modified	2020-06-02
plugin id	63888
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63888
title	RHEL 4 : nspr and nss (RHSA-2009:1190)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_LIBFREEBL3-090812.NASL
description	The Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
last seen	2020-06-01
modified	2020-06-02
plugin id	41419
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41419
title	SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1199)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_SEAMONKEY-091007.NASL
description	seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
last seen	2020-06-01
modified	2020-06-02
plugin id	42202
published	2009-10-22
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42202
title	openSUSE Security Update : seamonkey (seamonkey-1364)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-810-1.NASL
description	Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40490
published	2009-08-05
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40490
title	Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201301-01.NASL
description	The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	63402
published	2013-01-08
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63402
title	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1184.NASL
description	From Red Hat Security Advisory 2009:1184 : Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced
last seen	2020-06-01
modified	2020-06-02
plugin id	67902
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67902
title	Oracle Linux 4 / 5 : nspr / nss (ELSA-2009-1184)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_49E8F2EE814711DEA9940030843D3802.NASL
description	Mozilla Project reports : MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters MFSA 2009-42: Compromise of SSL-protected communication MFSA 2009-43: Heap overflow in certificate regexp parsing MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() on invalid URL MFSA 2009-45: Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13) MFSA 2009-46: Chrome privilege escalation due to incorrectly cached wrapper
last seen	2020-06-01
modified	2020-06-02
plugin id	40485
published	2009-08-05
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40485
title	FreeBSD : mozilla -- multiple vulnerabilities (49e8f2ee-8147-11de-a994-0030843d3802)

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBFREEBL3-6494.NASL
description	The Mozilla NSS and dependend libraries were updated to fix various issues. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
last seen	2020-06-01
modified	2020-06-02
plugin id	42013
published	2009-10-06
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42013
title	openSUSE 10 Security Update : libfreebl3 (libfreebl3-6494)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_SEAMONKEY-091007.NASL
description	seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
last seen	2020-06-01
modified	2020-06-02
plugin id	42206
published	2009-10-22
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42206
title	openSUSE Security Update : seamonkey (seamonkey-1364)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2025.NASL
description	Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a
last seen	2020-06-01
modified	2020-06-02
plugin id	45397
published	2010-04-01
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/45397
title	Debian DSA-2025-1 : icedove - several vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-1185.NASL
description	Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library (provided by SeaMonkey) used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running SeaMonkey. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. All SeaMonkey users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, SeaMonkey must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	40437
published	2009-07-31
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40437
title	CentOS 3 : seamonkey (CESA-2009:1185)

NASL family	Windows
NASL id	SEAMONKEY_1118.NASL
description	The installed version of SeaMonkey is earlier than 1.1.18. Such versions are potentially affected by the following security issues : - The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42) - A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43)
last seen	2020-06-01
modified	2020-06-02
plugin id	40874
published	2009-09-04
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40874
title	SeaMonkey < 1.1.18 Multiple Vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-198.NASL
description	Security issues were identified and fixed in firefox 3.0.x : Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location (CVE-2009-2654). Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client (CVE-2009-2404). IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
last seen	2020-06-01
modified	2020-06-02
plugin id	40523
published	2009-08-10
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40523
title	Mandriva Linux Security Advisory : firefox (MDVSA-2009:198)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2010-0001.NASL
description	a. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	43826
published	2010-01-08
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/43826
title	VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr

Oval

accepted

2013-04-29T04:12:03.787-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:11174

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2014-01-20T04:01:41.477-05:00

class

vulnerability

contributors

name Pai Peng
organization Hewlett-Packard
name Chris Coffin
organization The MITRE Corporation

definition_extensions

comment	VMware ESX Server 4.0 is installed
oval	oval:org.mitre.oval:def:6293

description

family

unix

oval:org.mitre.oval:def:8658

status

accepted

submitted

2010-03-18T13:00:53.000-04:00

title

VMware Network Security Services (NSS) heap-based buffer overflow vulnerability

version

Redhat

advisories

rhsa
id RHSA-2009:1185
rhsa
id RHSA-2009:1207

rpms

nspr-0:4.7.4-1.el4_8.1
nspr-debuginfo-0:4.7.4-1.el4_8.1
nspr-devel-0:4.7.4-1.el4_8.1
nss-0:3.12.3.99.3-1.el4_8.2
nss-debuginfo-0:3.12.3.99.3-1.el4_8.2
nss-devel-0:3.12.3.99.3-1.el4_8.2
nss-tools-0:3.12.3.99.3-1.el4_8.2
seamonkey-0:1.0.9-0.41.el3
seamonkey-chat-0:1.0.9-0.41.el3
seamonkey-debuginfo-0:1.0.9-0.41.el3
seamonkey-devel-0:1.0.9-0.41.el3
seamonkey-dom-inspector-0:1.0.9-0.41.el3
seamonkey-js-debugger-0:1.0.9-0.41.el3
seamonkey-mail-0:1.0.9-0.41.el3
seamonkey-nspr-0:1.0.9-0.41.el3
seamonkey-nspr-devel-0:1.0.9-0.41.el3
seamonkey-nss-0:1.0.9-0.41.el3
seamonkey-nss-devel-0:1.0.9-0.41.el3
nspr-0:4.7.4-1.el5_3.1
nspr-debuginfo-0:4.7.4-1.el5_3.1
nspr-devel-0:4.7.4-1.el5_3.1
nss-0:3.12.3.99.3-1.el5_3.2
nss-debuginfo-0:3.12.3.99.3-1.el5_3.2
nss-devel-0:3.12.3.99.3-1.el5_3.2
nss-pkcs11-devel-0:3.12.3.99.3-1.el5_3.2
nss-tools-0:3.12.3.99.3-1.el5_3.2
nspr-0:4.7.4-1.el4_7.1
nspr-debuginfo-0:4.7.4-1.el4_7.1
nspr-devel-0:4.7.4-1.el4_7.1
nss-0:3.12.3.99.3-1.el4_7.6
nss-debuginfo-0:3.12.3.99.3-1.el4_7.6
nss-devel-0:3.12.3.99.3-1.el4_7.6
nspr-0:4.7.4-1.el5_2
nspr-debuginfo-0:4.7.4-1.el5_2
nspr-devel-0:4.7.4-1.el5_2
nss-0:3.12.3.99.3-1.el5_2
nss-debuginfo-0:3.12.3.99.3-1.el5_2
nss-devel-0:3.12.3.99.3-1.el5_2
nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2
nss-tools-0:3.12.3.99.3-1.el5_2

Seebug

bulletinFamily	exploit
description	Bugraq ID: 35891 CVE ID：CVE-2009-2404 Mozilla SeaMonkey是一款开源的WEB应用程序套件。 Mozilla SeaMonkey处理用于匹配SSL证书中的公用名的规则表达式代码存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。构建恶意的证书，诱使用户使用Mozilla SeaMonkey处理可触发此漏洞。攻击者要利用此漏洞需要使SeaMonkey认为这个证书可信，否则会显示警告消息。 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux 5 server RedHat Desktop 3.0 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Network Security Services (NSS) 3.12.2 Mozilla Network Security Services (NSS) 3.11.3 Mozilla Network Security Services (NSS) 3.9.2 Mozilla Network Security Services (NSS) 3.9 + Mozilla Browser 1.5 Mozilla Network Security Services (NSS) 3.8 + Galeon Galeon Browser 1.2.13 + Mozilla Browser 1.4.1 + Mozilla Browser 1.4.1 + Mozilla Browser 1.4 b + Mozilla Browser 1.4 b + Mozilla Browser 1.4 a + Mozilla Browser 1.4 a + Mozilla Browser 1.4 + Mozilla Browser 1.4 Mozilla Network Security Services (NSS) 3.7.7 Mozilla Network Security Services (NSS) 3.7.5 Mozilla Network Security Services (NSS) 3.7.3 Mozilla Network Security Services (NSS) 3.7.2 Mozilla Network Security Services (NSS) 3.7.1 Mozilla Network Security Services (NSS) 3.7 Mozilla Network Security Services (NSS) 3.6.1 Mozilla Network Security Services (NSS) 3.6 Mozilla Network Security Services (NSS) 3.6 Mozilla Network Security Services (NSS) 3.5 Mozilla Network Security Services (NSS) 3.4.2 Mozilla Network Security Services (NSS) 3.4.1 Mozilla Network Security Services (NSS) 3.4 Mozilla Network Security Services (NSS) 3.3.2 Mozilla Network Security Services (NSS) 3.3.1 Mozilla Network Security Services (NSS) 3.3 Mozilla Network Security Services (NSS) 3.2.1 Mozilla Network Security Services (NSS) 3.2 Mozilla Network Security Services (NSS) 3.12 Mozilla Network Security Services (NSS) 3.11 厂商解决方案用户可联系供应商获得最新程序Mozilla SeaMonkey 1.0.9： http://www.mozilla.org/projects/seamonkey/
id	SSV:11949
last seen	2017-11-19
modified	2009-07-31
published	2009-07-31
reporter	Root
title	Mozilla SeaMonkey规则表达式解析堆缓冲区溢出漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

Seebug

References