Intrusion Prevention

Mozilla.NSS.SSLv2.Client.Integer.Underflow

Description

This indicates a possible exploit of a buffer-underflow vulnerability in the SSLv2 support in Mozilla Network Security Services (NSS).
The vulnerability is caused by a buffer-underflow error in NSS when it processes a certificate whose public key is too small to encrypt the "Master Secret". The error also occurs when NSS handles invalid parameters while negotiating an SSLv2 session. A remote attacker may exploit this to execute arbitrary code.
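
The length error described above, shown as an added illustration (this is not NSS source code): a padding length computed from a too-small key modulus wraps around in unsigned arithmetic, and the hardened form rejects the key before any subtraction. The function names, the sample sizes and the PKCS#1 v1.5 block layout used for framing are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PKCS#1 v1.5 encryption block: 00 02 <at least 8 nonzero pad bytes> 00 <secret> */
#define PKCS1_MIN_OVERHEAD 11u

/* Flawed pattern: size_t arithmetic wraps when the modulus is too small. */
size_t pad_len_unchecked(size_t modulus_len, size_t secret_len)
{
    return modulus_len - secret_len - 3u;
}

/* Hardened pattern: reject the key before any subtraction is performed. */
int pad_len_checked(size_t modulus_len, size_t secret_len, size_t *pad_len)
{
    if (secret_len > (size_t)-1 - PKCS1_MIN_OVERHEAD)
        return -1;                      /* the addition below would overflow */
    if (modulus_len < secret_len + PKCS1_MIN_OVERHEAD)
        return -1;                      /* key cannot hold the secret */
    *pad_len = modulus_len - secret_len - 3u;
    return 0;
}

/* Lay out the block in out[modulus_len]; 0xA5 stands in for random padding. */
int encode_block(unsigned char *out, size_t modulus_len,
                 const unsigned char *secret, size_t secret_len)
{
    size_t pad;
    if (pad_len_checked(modulus_len, secret_len, &pad) != 0)
        return -1;
    out[0] = 0x00;
    out[1] = 0x02;
    memset(out + 2, 0xA5, pad);
    out[2 + pad] = 0x00;
    memcpy(out + 3 + pad, secret, secret_len);
    return 0;
}

int main(void)
{
    unsigned char secret[16] = {0}, block[128];   /* constructed sample sizes */
    printf("unchecked pad for 8-byte modulus: %zu\n", pad_len_unchecked(8, sizeof secret));
    printf("128-byte modulus: %d\n", encode_block(block, sizeof block, secret, sizeof secret));
    printf("8-byte modulus:   %d\n", encode_block(block, 8, secret, sizeof secret));
    return 0;
}
```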

Affected Products

Mozilla Thunderbird versions prior to 1.5.0.10

Impact

System compromise: Remote code execution.

Recommended Actions

Upgrade to Network Security Services (NSS) version 3.11.5:
http://www.mozilla.org/projects/security/pki/nss/

CVE References

CVE-2007-0008