Buffer overflow during ASN.1 decoding in NSS
- March 8, 2016
- Francis Gabriel
- Firefox, Firefox ESR, NSS, Thunderbird
- Fixed in
- Firefox 45
- Firefox ESR 38.7
- NSS 126.96.36.199
- NSS 3.21.1
- Thunderbird 38.7
- Thunderbird 45
Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.
This issue has been addressed in the NSS releases shipping on affected Mozilla products:
- Firefox ESR 38.7 has been updated to 188.8.131.52.
- Firefox 45 has been updated to 3.21.1.
Projects using NSS 3.21 should update the new 3.21.1 release.