CVE-2009-2404
EPSS 21.0%
icedove - several vulnerabilities
Published: 8/3/2009
Modified: 4/28/2026
Description
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Affected packages (3)
- Debian/icedove from 0, < 2.0.0.24-0lenny1
- Debian/nss from 0, < 3.12.3-1
- Debian/nss from 0, < 3.12.3.1-0lenny1