CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-2404

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile38.87th
Published2009年8月3日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

Affected Platforms (CPE)

📦
Mozilla

Network Security Services

= 3.12.3

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2009-1185.html
🔗 http://secunia.com/advisories/36088
🔗 http://secunia.com/advisories/36102
🔗 http://secunia.com/advisories/36125
🔗 http://secunia.com/advisories/36139
🔗 http://secunia.com/advisories/36157
🔗 http://secunia.com/advisories/36434
🔗 http://secunia.com/advisories/37098

相关漏洞威胁

CVE-2007-285010.0

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials ...

CVE-2008-386510.0

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Secu...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2014-154410.0

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x,...