Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla38.038.0.138.0.538.1.038.1.138.2.038.2.138.3.0≤ 41.0.2Mozilla Network Security Services
APPMozilla3.20.0≤ 3.19.2.0Oracle Glassfish Server
APPOracle2.1.1Oracle Iplanet Web Proxy Server
APPOracle4.0Oracle Iplanet Web Server
APPOracle7.0Oracle Opensso
APPOracle3.0-0.7Oracle Traffic Director
APPOracle11.1.1.7.011.1.1.9.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...