You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-40

Mozilla Foundation Security Advisory 2013-40

Title: Out-of-bounds array read in CERT_DecodeCertPackage
Impact: Moderate
Announced: April 2, 2013
Reporter: Ambroz Bizjak
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 20.0
  Firefox ESR 17.0.5
  Thunderbird 17.0.5
  Thunderbird ESR 17.0.5
  SeaMonkey 2.17

Description

Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash.

References