Description:
K-Meleon 0.9.13 is affected by a DoS-type memory leak vulnerability disclosed in the Mozilla
Network Security Services library implementation. This library is shipped with the newest K-Meleon
browser.
Reportedly the Network Security Services (NSS) library will leak 256 bytes of memory per RSA
cryptographic operation. After a certain amount of time, this causes the system to run out of memory
and may lead to a system hang or panic state.
The following Network Security Services library version was shipped with the newest K-Meleon browser
0.9.13:
C:\Program Files\K-Meleon\nss3.dll (NSS Base Library)
3.9.3.0 (April 2006)
Solution status:
No updated version available from the vendor at the time of reporting.
Timeline:
23-Jun-2006 - Vulnerability researched
25-Jun-2006 - Detailed research
25-Jun-2006 - Vendor was contacted
26-Jun-2006 - Reply from vendor
26-Jun-2006 - Security companies and several CERT units contacted
References:
Sun Alert ID #102461:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1
NSS Project home page:
http://www.mozilla.org/projects/security/pki/nss/
Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/
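
Added example (not part of the original advisory): a PowerShell inventory check that finds copies of nss3.dll and reports whether their file version equals the 3.9.3.0 build named above. The search root defaults to the install path given in the advisory; the `$SearchRoots` parameter and the `Get-NssLibraryVersion` helper are names chosen for this example, and the script makes no claim about which other versions are affected or fixed.

```powershell
# Added example: inventory nss3.dll copies and compare them with the advisory's version.
# The default path and version come from the advisory text; everything else is an assumption.
param(
    [string[]]$SearchRoots = @('C:\Program Files\K-Meleon')
)

$AdvisoryVersion = [version]'3.9.3.0'   # NSS version the advisory lists for K-Meleon 0.9.13

function Get-NssLibraryVersion {
    # Hypothetical helper: builds a comparable version from the numeric parts of the
    # file version resource, because the FileVersion string can be free-form text.
    param([Parameter(Mandatory = $true)][string]$Path)
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    New-Object -TypeName System.Version -ArgumentList `
        $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
}

$results = foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Search root not found: $root"
        continue
    }
    Get-ChildItem -LiteralPath $root -Filter 'nss3.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $version = Get-NssLibraryVersion -Path $_.FullName
            [pscustomobject]@{
                Path            = $_.FullName
                FileVersion     = $version
                MatchesAdvisory = ($version -eq $AdvisoryVersion)
                LastWriteTime   = $_.LastWriteTime
            }
        }
}

if (-not $results) {
    Write-Output 'No nss3.dll found under the given search roots.'
} else {
    $results | Sort-Object Path | Format-Table -AutoSize
    $matching = @($results | Where-Object { $_.MatchesAdvisory })
    Write-Output ("{0} of {1} copies match the advisory version {2}." -f `
        $matching.Count, @($results).Count, $AdvisoryVersion)
}
```

Pass additional directories via `-SearchRoots` to cover other applications that bundle their own copy of the library.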