A vulnerability in the way Mozilla Network Security Services (NSS) handles malformed SSLv2 server messages may lead to execution of arbitrary code.
The SSLv2 protocol uses a client master key to generate all subsequent session keys. The client master key is created using a public key received from the server during phase one of the SSL handshake. The Mozilla NSS library contains a vulnerability in the way malformed SSLv2 server messages related to the public key are handled that may result in a buffer overflow. According to the Mozilla Foundation Security Advisory 2007-06:
SSL clients such as Firefox and Thunderbird can suffer a buffer overflow if a malicious server presents a certificate with a public key that is too small to encrypt the entire "Master Secret". Exploiting this overflow appears to be unreliable but possible if the SSLv2 protocol is enabled.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user who is running the vulnerable application or cause a denial of service.
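The following is an added illustration, not code from NSS or from the advisory. It shows the kind of length check a client needs before encrypting the master key under a server-supplied RSA key. It assumes PKCS#1 v1.5 type 2 padding, and the function name, the 16-byte secret and the buffer sizes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKCS1_MIN_OVERHEAD 11 /* 00 || 02 || at least 8 pad bytes || 00 */

/* Hypothetical helper (not an NSS function): build the PKCS#1 v1.5
 * type 2 encryption block for `secret` into `out`, which is `mod_len`
 * bytes long (the size of the server's RSA modulus). Returns 0 on
 * success, -1 if the server key is too small to hold the secret. */
int format_master_key_block(uint8_t *out, size_t mod_len,
                            const uint8_t *secret, size_t secret_len)
{
    /* The check that matters: without it, pad_len below wraps around to
     * a huge size_t when the key is too small, and the writes that
     * follow run past the end of `out`. */
    if (mod_len < PKCS1_MIN_OVERHEAD ||
        secret_len > mod_len - PKCS1_MIN_OVERHEAD)
        return -1;

    size_t pad_len = mod_len - secret_len - 3;
    out[0] = 0x00;
    out[1] = 0x02;
    /* Real code fills the padding with random nonzero bytes from a
     * CSPRNG; a constant keeps this example deterministic. */
    memset(out + 2, 0xFF, pad_len);
    out[2 + pad_len] = 0x00;
    memcpy(out + 3 + pad_len, secret, secret_len);
    return 0;
}

int main(void)
{
    uint8_t secret[16], block[64];
    memset(secret, 0xAB, sizeof secret); /* constructed sample secret */
    printf("64-byte modulus: %d\n", format_master_key_block(block, 64, secret, 16));
    printf("16-byte modulus: %d\n", format_master_key_block(block, 16, secret, 16));
    return 0;
}
```

A client that receives -1 here should abort the handshake rather than continue with a key that cannot carry the secret.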
This vulnerability was reported in Mozilla Foundation Security Advisory 2007-06. Mozilla credits iDefense with reporting this issue.
This document was written by Chris Taschner.
Date First Published: 2007-03-07
Date Last Updated: 2007-04-05 18:39 UTC