Mozilla.NSS.SSLv2.Client.Integer.Underflow
Description
This indicates a possible exploit of a buffer-underflow vulnerability in the SSLv2 support in Mozilla Network Security Services (NSS).
This vulnerability is due to a buffer-underflow error in the Network Security Services (NSS) when processing a certificate with a public key that is too small to encrypt the "Master Secret". This error also occurs when handling invalid parameters while negotiating an SSLv2 session. A remote attacker may exploit this to execute arbitrary code.
Affected Products
Mozilla Thunderbird versions prior to 1.5.0.10
Impact
System compromise: Remote code execution.
Recommended Actions
Upgrade to Network Security Services (NSS) version 3.11.5:
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |