CVE - CVE-2009-2404

CVE-ID
CVE-2009-2404	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021030 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1~~ (Obsolete source) MISC:1021699 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1~~ (Obsolete source) MISC:273910 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1~~ (Obsolete source) MISC:35891 URL:http://www.securityfocus.com/bid/35891 MISC:36088 URL:http://secunia.com/advisories/36088 MISC:36102 URL:http://secunia.com/advisories/36102 MISC:36125 URL:http://secunia.com/advisories/36125 MISC:36139 URL:http://secunia.com/advisories/36139 MISC:36157 URL:http://secunia.com/advisories/36157 MISC:36434 URL:http://secunia.com/advisories/36434 MISC:37098 URL:http://secunia.com/advisories/37098 MISC:39428 URL:http://secunia.com/advisories/39428 MISC:ADV-2009-2085 URL:~~http://www.vupen.com/english/advisories/2009/2085~~ (Obsolete source) MISC:DSA-1874 URL:http://www.debian.org/security/2009/dsa-1874 MISC:MDVSA-2009:197 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:197~~ (Obsolete source) MISC:MDVSA-2009:216 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:216~~ (Obsolete source) MISC:RHSA-2009:1185 URL:http://rhn.redhat.com/errata/RHSA-2009-1185.html MISC:RHSA-2009:1207 URL:http://www.redhat.com/support/errata/RHSA-2009-1207.html MISC:SUSE-SA:2009:048 URL:http://www.novell.com/linux/security/advisories/2009_48_firefox.html MISC:TA10-103B URL:http://www.us-cert.gov/cas/techalerts/TA10-103B.html MISC:USN-810-1 URL:http://www.ubuntu.com/usn/usn-810-1 MISC:USN-810-2 URL:https://usn.ubuntu.com/810-2/ MISC:http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf URL:http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf MISC:http://www.mozilla.org/security/announce/2009/mfsa2009-43.html URL:http://www.mozilla.org/security/announce/2009/mfsa2009-43.html MISC:http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html URL:http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=512912 URL:https://bugzilla.redhat.com/show_bug.cgi?id=512912 MISC:oval:org.mitre.oval:def:11174 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 MISC:oval:org.mitre.oval:def:8658 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658
Assigning CNA
Red Hat, Inc.
Date Record Created
20090709	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090709)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)