Intrusion Prevention



This indicates an attack attempt against a buffer overflow vulnerability in Mozilla Network Security Services, a library of functionality used by applications such as Mozilla FireFox, Mozilla Thunderbird and others.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted X.509 certificate. It allows a remote attacker to execute arbitrary code.

Affected Products

Network Security Services (NSS) 3.12.2 and previous versions


System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to Network Security Services (NSS) version 3.12.3:

CVE References