Information Security


Additional information

  Multiple security vulnerabilities in Mozilla Firefox, Thunderbird, SeaMonkey, NSS

  Mozilla Foundation Security Advisory 2009-46

  Mozilla Foundation Security Advisory 2009-45

  Mozilla Foundation Security Advisory 2009-44

  Mozilla Foundation Security Advisory 2009-38

From: MOZILLA
Date: August 7, 2009
Subject: Mozilla Foundation Security Advisory 2009-43

Mozilla Foundation Security Advisory 2009-43

Title: Heap overflow in certificate regexp parsing
Impact: Critical
Announced: August 1, 2009
Reporter: Moxie Marlinspike
Products: Firefox, Thunderbird, SeaMonkey, NSS

Fixed in: Firefox 3.5
          NSS 3.12.3

Description

Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw.
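
The design change described above, as an added example (not Mozilla or NSS code): a certificate name matcher that accepts only a restricted wildcard form and compares the name in place, so no pattern is compiled or copied into a heap buffer. The function names and the exact matching rules (a lone `*` as the whole left-most label, matching exactly one label) are assumptions chosen for illustration and may differ from what Firefox 3.5 implements.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of two names. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/*
 * Returns 1 if `host` matches certificate name `pattern`, else 0.
 * Assumed rules (illustrative, not taken from the advisory):
 *   - the only metacharacter is '*', and only as the entire left-most label
 *   - '*' stands for exactly one non-empty label and never crosses a dot
 *   - the part after "*." must itself contain a dot (rejects "*.com")
 *   - every other character, including regex-like ones, is a literal
 */
int cert_name_matches(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL)
        return 0;
    size_t plen = strlen(pattern), hlen = strlen(host);
    if (plen == 0 || hlen == 0)
        return 0;

    if (strchr(pattern, '*') == NULL)            /* literal name */
        return plen == hlen && eq_nocase(pattern, host, plen);

    /* Wildcard form must be exactly "*.<suffix>" with a single '*'. */
    if (pattern[0] != '*' || pattern[1] != '.' ||
        strchr(pattern + 1, '*') != NULL)
        return 0;
    const char *suffix = pattern + 1;            /* e.g. ".example.com" */
    size_t slen = plen - 1;
    if (strchr(suffix + 1, '.') == NULL)
        return 0;

    const char *dot = strchr(host, '.');         /* end of host's first label */
    if (dot == NULL || dot == host)              /* first label must be non-empty */
        return 0;
    return strlen(dot) == slen && eq_nocase(dot, suffix, slen);
}
```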

References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=504456
   * CVE-2009-2404

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod