CVE-2012-0441

Mozilla Network Security Services < 3.13.4 - Denial of Service via Zero-Length ASN.1 Item

Title source: llm
STIX 2.1

Description

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

References (13)

Core 13
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49976
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1540-2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=715073
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53798
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2490
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50316
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1540-1

Scores

EPSS 0.0295
EPSS Percentile 85.5%

Details

CWE
CWE-119
Status published
Products (37)
mozilla/firefox 4.0 (13 CPE variants)
mozilla/firefox 4.0.1
mozilla/firefox 5.0
mozilla/firefox 5.0.1
mozilla/firefox 6.0
mozilla/firefox 6.0.1
mozilla/firefox 6.0.2
mozilla/firefox 7.0
mozilla/firefox 7.0.1
mozilla/firefox 8.0
... and 27 more
Published Jun 05, 2012
Tracked Since Feb 18, 2026