Vulnerability Name:

CVE-2009-2404 (CCN-52139)

Assigned:2009-07-29
Published:2009-07-29
Updated:2018-10-03
Summary:Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-2404

Source: CCN
Type: RHSA-2009-1184
Critical: nspr and nss security and bug fix update

Source: CCN
Type: RHSA-2009-1185
Critical: seamonkey security update

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1185

Source: CCN
Type: RHSA-2009-1186
Critical: nspr and nss security, bug fix, and enhancement update

Source: CCN
Type: RHSA-2009-1190
Critical: nspr and nss security and bug fix update

Source: CCN
Type: RHSA-2009-1207
Critical: nspr and nss security update

Source: CCN
Type: SA36088
Mozilla Firefox Network Security Services Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36088

Source: CCN
Type: SA36093
Network Security Services Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36102

Source: CCN
Type: SA36125
Mozilla Thunderbird / SeaMonkey Network Security Services Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36125

Source: SECUNIA
Type: Vendor Advisory
36139

Source: SECUNIA
Type: Vendor Advisory
36157

Source: SECUNIA
Type: UNKNOWN
36434

Source: CCN
Type: SA37009
Sun Solaris Thunderbird Network Security Services Vulnerabilities

Source: CCN
Type: SA37032
Sun Solaris and Java Enterprise System Network Security Services Vulnerability

Source: SECUNIA
Type: UNKNOWN
37098

Source: CCN
Type: SA39428
Sun Java System Directory Server Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
39428

Source: CCN
Type: Sun Alert ID: 269468
Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution

Source: CCN
Type: Sun Alert ID: 273910
This Alert covers CVE-2009-2404 and CVE-2009-0688 for the Directory Server component of the Sun ONE Directory Server and Sun Java System Directory Server products.

Source: SUNALERT
Type: UNKNOWN
273910

Source: SUNALERT
Type: UNKNOWN
1021030

Source: SUNALERT
Type: UNKNOWN
1021699

Source: MISC
Type: UNKNOWN
http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf

Source: DEBIAN
Type: UNKNOWN
DSA-1874

Source: DEBIAN
Type: DSA-1874
nss -- several vulnerabilities

Source: DEBIAN
Type: DSA-2025
icedove -- several vulnerabilities

Source: CCN
Type: IBM Internet Security Systems Protection Alert
Network Security Services (NSS) Parser RCE

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:197

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:216

Source: CCN
Type: Mozilla Web site
Network Security Services (NSS)

Source: CCN
Type: MFSA 2009-43
Heap overflow in certificate regexp parsing

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-43.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2009:048

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2010
Oracle Critical Patch Update Advisory - April 2010

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1207

Source: BID
Type: Patch
35891

Source: CCN
Type: BID-35891
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability

Source: CCN
Type: BID-39333
RETIRED: Oracle April 2010 Critical Patch Update Multiple Vulnerabilities

Source: CCN
Type: USN-810-1
NSS vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-810-1

Source: CCN
Type: USN-810-2
NSPR update

Source: CCN
Type: USN-810-3
NSS regression

Source: CERT
Type: US Government Resource
TA10-103B

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-2085

Source: CCN
Type: Red Hat Bugzilla Bug 512912
nss regexp heap overflow

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=512912

Source: XF
Type: UNKNOWN
nss-parser-bo(52139)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11174

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8658

Source: UBUNTU
Type: UNKNOWN
USN-810-2

Source: SUSE
Type: SUSE-SA:2009:048
Mozilla Firefox security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:aol:instant_messenger:*:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:evolution:*:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  • OR cpe:/a:pidgin:pidgin:*:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_64::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_79b::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_64::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_79b::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_48::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_50::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_53::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_54::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_56::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_58::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_59::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_60::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_62::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_65::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_68::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_69::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_72::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_75::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_76::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_78::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_81::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_82::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_84::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_85::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_49::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_51::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_52::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_55::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_57::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_61::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_63::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_66::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_67::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_70::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_71::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_73::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_74::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_77::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_79::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_83::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_48::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_55::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_54::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_50::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_57::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_49::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_56::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_52::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_51::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_53::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_67::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_66::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_59::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_65::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_58::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_61::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_63::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_60::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_62::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_71::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_68::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_72::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_77::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_70::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_74::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_73::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_76::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_69::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_75::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_78::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_84::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_83::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_79::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_85::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_80::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_82::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_81::sparc:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_80::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_104::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_104::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_105::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_105::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_92::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_103::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_103::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_106::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_106::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_107::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_107::x86:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_108::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_109::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_110::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_108::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_109::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_110::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_111::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_111::x86:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20092404
    V
    		CVE-2009-2404
    2022-05-20
    oval:org.mitre.oval:def:29071
    P
    		USN-810-3 -- NSS regression
    2015-08-17
    oval:org.mitre.oval:def:29169
    P
    		RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical)
    2015-08-17
    oval:org.mitre.oval:def:13780
    P
    		USN-810-2 -- nspr update
    2014-06-30
    oval:org.mitre.oval:def:13850
    P
    		USN-810-1 -- nss vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:6699
    P
    		DSA-2025 icedove -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:13262
    P
    		DSA-2025-1 icedove -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8111
    P
    		DSA-1874 nss -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:13737
    P
    		DSA-1874-1 nss -- several
    2014-06-23
    oval:org.mitre.oval:def:22412
    P
    		ELSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:8658
    V
    		VMware Network Security Services (NSS) heap-based buffer overflow vulnerability
    2014-01-20
    oval:org.mitre.oval:def:11174
    V
    		Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
    2013-04-29
    oval:org.debian:def:2025
    V
    		several vulnerabilities
    2010-03-31
    oval:org.debian:def:1874
    V
    		several vulnerabilities
    2009-08-26
    oval:com.redhat.rhsa:def:20091184
    P
    		RHSA-2009:1184: nspr and nss security and bug fix update (Critical)
    2009-07-30
    oval:com.redhat.rhsa:def:20091185
    P
    		RHSA-2009:1185: seamonkey security update (Critical)
    2009-07-30
    oval:com.redhat.rhsa:def:20091186
    P
    		RHSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)
    2009-07-30
    BACK
    mozilla network security services 3.12.3
    aol instant messenger *
    gnome evolution *
    mozilla firefox *
    mozilla seamonkey *
    mozilla thunderbird *
    pidgin pidgin *
    mozilla network security services 3.11.3
    mozilla network security services 3.11.2
    mozilla network security services 3.11.4
    mozilla network security services 3.11.5
    mozilla network security services 3.12.3
    suse suse linux 9.0
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 9
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    sun solaris 10
    sun solaris 10
    mozilla seamonkey 1.0
    redhat rhel extras 4
    mozilla seamonkey 1.0.5
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux corporate server 3.0
    mozilla seamonkey 1.0.7
    mozilla seamonkey 1.0.2
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mozilla firefox 3.0 alpha
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.4
    mozilla seamonkey 1.0.6
    mozilla seamonkey 1.0.8
    novell opensuse 10.3
    mandrakesoft mandrake linux 2008.1
    mozilla firefox 3.0 beta5
    canonical ubuntu 8.04
    mozilla firefox 3.0 beta2
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    mozilla firefox 3.0
    novell opensuse 11.0
    novell suse linux enterprise server 10 sp2
    sun opensolaris build_snv_89
    sun opensolaris build_snv_89
    sun solaris 9
    sun opensolaris build_snv_95
    sun opensolaris build_snv_95
    mozilla firefox 3.0.1
    sun opensolaris build_snv_64
    sun opensolaris build_snv_79b
    sun opensolaris build_snv_88
    sun opensolaris build_snv_64
    sun opensolaris build_snv_79b
    sun opensolaris build_snv_88
    sun opensolaris build_snv_48
    sun opensolaris build_snv_50
    sun opensolaris build_snv_53
    sun opensolaris build_snv_54
    sun opensolaris build_snv_56
    sun opensolaris build_snv_58
    sun opensolaris build_snv_59
    sun opensolaris build_snv_60
    sun opensolaris build_snv_62
    sun opensolaris build_snv_65
    sun opensolaris build_snv_68
    sun opensolaris build_snv_69
    sun opensolaris build_snv_72
    sun opensolaris build_snv_75
    sun opensolaris build_snv_76
    sun opensolaris build_snv_78
    sun opensolaris build_snv_81
    sun opensolaris build_snv_82
    sun opensolaris build_snv_84
    sun opensolaris build_snv_85
    sun opensolaris build_snv_87
    sun opensolaris build_snv_86
    sun opensolaris build_snv_49
    sun opensolaris build_snv_51
    sun opensolaris build_snv_52
    sun opensolaris build_snv_55
    sun opensolaris build_snv_57
    sun opensolaris build_snv_61
    sun opensolaris build_snv_63
    sun opensolaris build_snv_66
    sun opensolaris build_snv_67
    sun opensolaris build_snv_70
    sun opensolaris build_snv_71
    sun opensolaris build_snv_73
    sun opensolaris build_snv_74
    sun opensolaris build_snv_77
    sun opensolaris build_snv_79
    sun opensolaris build_snv_83
    sun opensolaris build_snv_48
    sun opensolaris build_snv_55
    sun opensolaris build_snv_54
    sun opensolaris build_snv_50
    sun opensolaris build_snv_57
    sun opensolaris build_snv_49
    sun opensolaris build_snv_56
    sun opensolaris build_snv_52
    sun opensolaris build_snv_51
    sun opensolaris build_snv_53
    sun opensolaris build_snv_67
    sun opensolaris build_snv_66
    sun opensolaris build_snv_59
    sun opensolaris build_snv_65
    sun opensolaris build_snv_58
    sun opensolaris build_snv_61
    sun opensolaris build_snv_63
    sun opensolaris build_snv_60
    sun opensolaris build_snv_62
    sun opensolaris build_snv_71
    sun opensolaris build_snv_68
    sun opensolaris build_snv_72
    sun opensolaris build_snv_77
    sun opensolaris build_snv_70
    sun opensolaris build_snv_74
    sun opensolaris build_snv_73
    sun opensolaris build_snv_76
    sun opensolaris build_snv_69
    sun opensolaris build_snv_75
    sun opensolaris build_snv_78
    sun opensolaris build_snv_84
    sun opensolaris build_snv_83
    sun opensolaris build_snv_79
    sun opensolaris build_snv_86
    sun opensolaris build_snv_85
    sun opensolaris build_snv_87
    sun opensolaris build_snv_80
    sun opensolaris build_snv_82
    sun opensolaris build_snv_81
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    sun opensolaris build_snv_100
    sun opensolaris build_snv_100
    sun opensolaris build_snv_102
    sun opensolaris build_snv_102
    sun opensolaris build_snv_80
    sun opensolaris build_snv_91
    sun opensolaris build_snv_91
    sun opensolaris build_snv_90
    sun opensolaris build_snv_90
    sun opensolaris build_snv_104
    sun opensolaris build_snv_104
    sun opensolaris build_snv_101
    sun opensolaris build_snv_101
    sun opensolaris build_snv_105
    sun opensolaris build_snv_105
    sun opensolaris build_snv_92
    sun opensolaris build_snv_92
    sun opensolaris build_snv_93
    sun opensolaris build_snv_94
    sun opensolaris build_snv_99
    sun opensolaris build_snv_98
    sun opensolaris build_snv_97
    sun opensolaris build_snv_96
    sun opensolaris build_snv_94
    sun opensolaris build_snv_93
    sun opensolaris build_snv_99
    sun opensolaris build_snv_97
    sun opensolaris build_snv_98
    sun opensolaris build_snv_96
    sun opensolaris build_snv_103
    sun opensolaris build_snv_103
    sun opensolaris build_snv_106
    sun opensolaris build_snv_106
    sun opensolaris build_snv_107
    sun opensolaris build_snv_107
    debian debian linux 5.0
    sun opensolaris build_snv_108
    sun opensolaris build_snv_109
    sun opensolaris build_snv_110
    sun opensolaris build_snv_108
    sun opensolaris build_snv_109
    sun opensolaris build_snv_110
    sun opensolaris build_snv_111
    sun opensolaris build_snv_111
    mozilla firefox 3.0.10
    mozilla firefox 3.0.12
    mandriva linux 2009.1
    mandriva linux 2009.1
    mandriva enterprise server 5
    mandriva enterprise server 5