CVE-2012-0441
Mozilla Network Security Services < 3.13.4 - Denial of Service via Zero-Length ASN.1 Item
Title source: llmDescription
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
References (13)
Core 13
Core References
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49976
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1540-2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=715073
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53798
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2490
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50316
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1540-1
Scores
EPSS
0.0295
EPSS Percentile
85.5%
Details
CWE
CWE-119
Status
published
Products (37)
mozilla/firefox
4.0 (13 CPE variants)
mozilla/firefox
4.0.1
mozilla/firefox
5.0
mozilla/firefox
5.0.1
mozilla/firefox
6.0
mozilla/firefox
6.0.1
mozilla/firefox
6.0.2
mozilla/firefox
7.0
mozilla/firefox
7.0.1
mozilla/firefox
8.0
... and 27 more
Published
Jun 05, 2012
Tracked Since
Feb 18, 2026