Mozilla Foundation Security Advisory 2009-43

Heap overflow in certificate regexp parsing

Announced
August 1, 2009
Reporter
Moxie Marlinspike
Impact
Critical
Products
Firefox, NSS, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.0.13
  • Firefox 3.5
  • NSS 3.12.3
  • SeaMonkey 1.1.18
  • Thunderbird 2.0.0.23

Description

Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw.

References