|Integer underflow in the SSLv2 support in Mozilla Network Security
Services (NSS) before 3.11.5, as used by Firefox before 22.214.171.124 and
2.x before 126.96.36.199, SeaMonkey before 1.0.8, Thunderbird before
188.8.131.52, and certain Sun Java System server products before 20070611,
allows remote attackers to execute arbitrary code via a crafted SSLv2
server message containing a public key that is too short to encrypt
the "Master Secret", which results in a heap-based overflow.