 |
|
|
|
Description:
Netscape Browser 8.1 is susceptible to affected to DoS-type memory leak vulnerability disclosed in
Mozilla Network Security Services library implementation. This library is shipped with the newest
Netscape browser.
Reportedly the Network Security Services (NSS) library will leak 256 bytes of memory per RSA
cryptographic operation. After a certain amount of time, this causes the system to run out of memory
and may lead to a system hang or panic state.
The following Network Security Services library version was shipped with the newest Netscape Browser
8.1:
C:\Program Files\Netscape\Netscape Browser\nss3.dll (NSS Base Library)
3.9.3.0 (January 2006)
Copyright (c) 1994-2001 Netscape Communications Corporation
Solution status:
No updated version available from the vendor at the time of reporting.
Timeline:
23-Jun-2006 - Vulnerability researched
26-Jun-2006 - Detailed research
26-Jun-2006 - Vendor and Netscape developers was contacted
26-Jun-2006 - Security companies and several CERT units contacted
References:
Sun Alert ID #102461:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1
NSS Project home page:
http://www.mozilla.org/projects/security/pki/nss/
Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/
|
|
|
|
|
|
|
|
