CVE-2009-2404

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-2404 at MITRE

Description

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 522602, 544910

SUSE Security Advisories:

SUSE-SA:2009:048, published Tue, 20 Oct 2009 17:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86	`mozilla >= 1.8_seamonkey_1.1.18-0.1` `mozilla-devel >= 1.8_seamonkey_1.1.18-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.1.18-0.1` `mozilla-irc >= 1.8_seamonkey_1.1.18-0.1` `mozilla-mail >= 1.8_seamonkey_1.1.18-0.1` `mozilla-venkman >= 1.8_seamonkey_1.1.18-0.1`	sles9-nld.x86-64 core9.ppc core9.ia64 sles9-nlpos.x86 core9.s390 core9.x86 sles9-nld.x86 core9.x86-64 sles9-oes.x86 core9.s390x YOU Patch Nr: 12521
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`epiphany >= 1.2.10-0.10` `epiphany-doc >= 1.2.10-0.10` `epiphany-extensions >= 0.8.2-2.11` `epiphany-extensions-devel >= 0.8.2-2.11` `mozilla >= 1.8_seamonkey_1.1.18-0.1` `mozilla-devel >= 1.8_seamonkey_1.1.18-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.1.18-0.1` `mozilla-irc >= 1.8_seamonkey_1.1.18-0.1` `mozilla-mail >= 1.8_seamonkey_1.1.18-0.1` `mozilla-venkman >= 1.8_seamonkey_1.1.18-0.1`	sles9-nld.x86-64 core9.ppc core9.ia64 sles9-nlpos.x86 core9.s390 core9.x86 sles9-nld.x86 core9.x86-64 sles9-oes.x86 core9.s390x YOU Patch Nr: 12521
SUSE Linux Enterprise Desktop 10 SP2 for x86	`mozilla-nspr >= 4.8-1.4.2` `mozilla-nspr-devel >= 4.8-1.4.2` `mozilla-nss >= 3.12.3.1-1.4.2` `mozilla-nss-devel >= 3.12.3.1-1.4.2` `mozilla-nss-tools >= 3.12.3.1-1.4.2`	sled10-sp2.x86-64 sles10-sp2.s390x sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sles10-sp2.x86 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6541
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`mozilla-nspr >= 4.8-1.4.2` `mozilla-nspr-32bit >= 4.8-1.4.2` `mozilla-nspr-devel >= 4.8-1.4.2` `mozilla-nss >= 3.12.3.1-1.4.2` `mozilla-nss-32bit >= 3.12.3.1-1.4.2` `mozilla-nss-devel >= 3.12.3.1-1.4.2` `mozilla-nss-tools >= 3.12.3.1-1.4.2`	sled10-sp2.x86-64 sles10-sp2.s390x sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sles10-sp2.x86 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6541
SUSE Linux Enterprise Server 10 SP2 for x86	`mozilla-nspr >= 4.8-1.4.2` `mozilla-nspr-devel >= 4.8-1.4.2` `mozilla-nss >= 3.12.3.1-1.4.2` `mozilla-nss-devel >= 3.12.3.1-1.4.2`	sled10-sp2.x86-64 sles10-sp2.s390x sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sles10-sp2.x86 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6541
SUSE Linux Enterprise Server 10 SP2 for IPF	`mozilla-nspr >= 4.8-1.4.2` `mozilla-nspr-devel >= 4.8-1.4.2` `mozilla-nspr-x86 >= 4.8-1.4.2` `mozilla-nss >= 3.12.3.1-1.4.2` `mozilla-nss-devel >= 3.12.3.1-1.4.2` `mozilla-nss-x86 >= 3.12.3.1-1.4.2`	sled10-sp2.x86-64 sles10-sp2.s390x sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sles10-sp2.x86 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6541
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`mozilla-nspr >= 4.8-1.4.2` `mozilla-nspr-64bit >= 4.8-1.4.2` `mozilla-nspr-devel >= 4.8-1.4.2` `mozilla-nss >= 3.12.3.1-1.4.2` `mozilla-nss-64bit >= 3.12.3.1-1.4.2` `mozilla-nss-devel >= 3.12.3.1-1.4.2`	sled10-sp2.x86-64 sles10-sp2.s390x sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sles10-sp2.x86 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6541
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`mozilla-nspr >= 4.8-1.4.2` `mozilla-nspr-32bit >= 4.8-1.4.2` `mozilla-nspr-devel >= 4.8-1.4.2` `mozilla-nss >= 3.12.3.1-1.4.2` `mozilla-nss-32bit >= 3.12.3.1-1.4.2` `mozilla-nss-devel >= 3.12.3.1-1.4.2`	sled10-sp2.x86-64 sles10-sp2.s390x sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sles10-sp2.x86 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6541
openSUSE 10.3	`seamonkey >= 1.1.18-0.1` `seamonkey-dom-inspector >= 1.1.18-0.1` `seamonkey-irc >= 1.1.18-0.1` `seamonkey-mail >= 1.1.18-0.1` `seamonkey-spellchecker >= 1.1.18-0.1` `seamonkey-venkman >= 1.1.18-0.1`
SUSE CORE 9 for AMD64 and Intel EM64T	`mozilla >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-devel >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-dom-inspector >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-irc >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-mail >= 1.8.1_seamonkey_1.1.19.112-0.1` `mozilla-venkman >= 1.8.1_seamonkey_1.1.19.112-0.1`	Builds YOU Patch Nr: 12755
openSUSE 10.3	`libfreebl3 >= 3.12.3.1-1.1` `libfreebl3-32bit >= 3.12.3.1-1.1` `libfreebl3-64bit >= 3.12.3.1-1.1` `mozilla-nspr >= 4.7.1-46.1` `mozilla-nspr-32bit >= 4.7.1-46.1` `mozilla-nspr-64bit >= 4.7.1-46.1` `mozilla-nspr-devel >= 4.7.1-46.1` `mozilla-nss >= 3.12.3.1-1.1` `mozilla-nss-32bit >= 3.12.3.1-1.1` `mozilla-nss-64bit >= 3.12.3.1-1.1` `mozilla-nss-devel >= 3.12.3.1-1.1` `mozilla-nss-tools >= 3.12.3.1-1.1`

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute