Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13290
HistoryJun 23, 2006 - 12:00 a.m.

Mozilla Firefox NSS Library Memory Leak Vulnerability

2006-06-2300:00:00
vulners.com
8
JSON

Description:
Mozilla Firefox 1.5.0.4 is susceptible to affected to DoS-type memory leak vulnerability disclosed in
Mozilla Network Security Services library implementation.

Reportedly the Network Security Services (NSS) library will leak 256 bytes of memory per RSA
cryptographic operation. After a certain amount of time, this causes the system to run out of memory
and may lead to a system hang or panic state.

The following Network Security Services library version was shipped with the newest Mozilla Firefox
1.5.0.4:
C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library)
3.10.2.0 (August 2005)

Reportedly library version 3.11 is affected.

This product is affected because of affected library used with this browser version.

Solution status:
No updated version available from the vendor at the time of reporting.

Vendor status:
Vendor was contacted on 23th June 2006.

References:
Sun Alert ID #102461:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1

NSS Project home page:
http://www.mozilla.org/projects/security/pki/nss/

Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/

JSON