Heap-based buffer overflow in a regular-expression parser in Mozilla
Network Security Services (NSS) before 3.12.3, as used in Firefox,
Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger
(AIM), allows remote SSL servers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long
domain name in the subject's Common Name (CN) field of an X.509
certificate, related to the cert_TestHostName function.
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before
3.0.13, Thunderbird before 220.127.116.11, and SeaMonkey before 1.1.18 do
not properly handle a '\0' character in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a
crafted certificate issued by a legitimate Certification Authority.
NOTE: this was originally reported for Firefox before 3.5.
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).