CVE-2009-2404
EPSS 21.0%
icedove - several vulnerabilities
Published: 2009/8/3
Modified: 2026/4/28
Description
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Affected packages (3)
- Debian/icedove from 0, < 2.0.0.24-0lenny1
- Debian/nss from 0, < 3.12.3-1
- Debian/nss from 0, < 3.12.3.1-0lenny1