CVE-2012-0441 (retired)

Priority
Description
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security
Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox
ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x
before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause
a denial of service (application crash) via a zero-length item, as
demonstrated by (1) a zero-length basic constraint or (2) a zero-length
field in an OCSP response.
Notes
 micahg> xulrunner isn't affected as NSS isn't bundled with it
Assigned-to
mdeslaur
Package
Upstream:released (13.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (14.0~b6+build2-0ubuntu2 )
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.13.4)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.1.with.ckbi.1.88-1ubuntu7)
Patches:
Vendor:http://anonscm.debian.org/gitweb/?p=pkg-mozilla/nss.git;a=commitdiff;h=6c06f9c38d26a18c6c056c4fd3bd8a9538a3936b
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (13.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (15.0~b1+build1-0ubuntu1)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:00:05 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)