Mozilla Foundation Security Advisory 2016-35

Buffer overflow during ASN.1 decoding in NSS

Announced
March 8, 2016
Reporter
Francis Gabriel
Impact
Critical
Products
Firefox, Firefox ESR, NSS, Thunderbird
Fixed in
  • Firefox 45
  • Firefox ESR 38.7
  • NSS 3.19.2.3
  • NSS 3.21.1
  • Thunderbird 38.7
  • Thunderbird 45

Description

Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

This issue has been addressed in the NSS releases shipping on affected Mozilla products:

  • Firefox ESR 38.7 has been updated to 3.19.2.3.
  • Firefox 45 has been updated to 3.21.1.

Projects using NSS 3.21 should update the new 3.21.1 release.

References