Endpoint Vulnerability

Buffer overflow during ASN.1 decoding in NSS

Description

Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

Affected Products

Firefox,Firefox ESR

References

CVE-2016-1950,