Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-1j51-1nhr-53fd |
| Summary | iDefense
has informed Mozilla about two potential buffer overflow
vulnerabilities found by researcher regenrecht
in the Network Security Services (NSS) code for processing
the SSLv2 protocol. SSL clients such as Firefox and Thunderbird can suffer
a buffer overflow if a malicious server presents a certificate
with a public key that is too small to encrypt the entire
"Master Secret". Exploiting this overflow appears to be
unreliable but possible if the SSLv2 protocol is enabled. Servers that use NSS
for the SSLv2 protocol can be exploited by
a client that presents a "Client Master Key" with invalid length
values in any of several fields that are used without adequate
error checking. This can lead to a buffer overflow that
presumably could be exploitable. Support for SSLv2 is disabled in Firefox 2 due to other known
weaknesses in the protocol; Firefox 2 is not vulnerable unless
the user has modified hidden internal NSS settings to
re-enable SSLv2 support. |
| Aliases |
|
| Fixed_packages |
|
| Affected_packages |
|
| References |
|
| Weaknesses |
|
| Exploits |
|
| Severity_range_score | 9.0 - 10.0 |
| Exploitability | null |
| Weighted_severity | null |
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-1j51-1nhr-53fd |