Description:
Mozilla Firefox 1.5.0.4 is susceptible to affected to DoS-type memory leak vulnerability disclosed in
Mozilla Network Security Services library implementation.
Reportedly the Network Security Services (NSS) library will leak 256 bytes of memory per RSA
cryptographic operation. After a certain amount of time, this causes the system to run out of memory
and may lead to a system hang or panic state.
The following Network Security Services library version was shipped with the newest Mozilla Firefox
1.5.0.4:
C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library)
3.10.2.0 (August 2005)
Reportedly library version 3.11 is affected.
This product is affected because of affected library used with this browser version.
Solution status:
No updated version available from the vendor at the time of reporting.
Vendor status:
Vendor was contacted on 23th June 2006.
References:
Sun Alert ID #102461:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1
NSS Project home page:
http://www.mozilla.org/projects/security/pki/nss/
Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/