Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla NSS库证书正则表达式解析堆溢出漏洞
Vulnerability Description
网络安全服务(NSS)是一套用于跨平台开发启用了安全功能的客户端和服务器应用的库,用NSS编译的应用可以支持SSLv2、SSLv3、TLS等安全标准。 Firefox等浏览器所使用的用于匹配证书中公用名的NSS库正则表达式解析器中存在堆溢出。恶意网站可以提供特制的证书触发堆溢出,导致崩溃或以运行浏览器用户的权限执行任意指令。 以下是NSS库中的有漏洞代码段: security/nss/lib/util/portreg.c: 141 static int 142 _handle_union(const ch
CVSS Information
N/A
Vulnerability Type
N/A