First published: Thu Nov 05 2015(Updated: )
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Traffic Director | =11.1.1.7.0 | |
Oracle Traffic Director | =11.1.1.9.0 | |
Oracle OpenSSO | =3.0-0.7 | |
Oracle Iplanet Web Proxy Server | =4.0 | |
Mozilla Firefox ESR | =38.0 | |
Mozilla Firefox ESR | =38.0.1 | |
Mozilla Firefox ESR | =38.0.5 | |
Mozilla Firefox ESR | =38.1.0 | |
Mozilla Firefox ESR | =38.1.1 | |
Mozilla Firefox ESR | =38.2.0 | |
Mozilla Firefox ESR | =38.2.1 | |
Mozilla Firefox ESR | =38.3.0 | |
Oracle GlassFish Server | =2.1.1 | |
Mozilla Network Security Services | <=3.19.2.0 | |
Mozilla Network Security Services | =3.20.0 | |
Oracle iPlanet Web Server | =7.0 | |
Mozilla Firefox | <=41.0.2 | |
Mozilla Firefox | =38.0 | |
Mozilla Firefox | =38.0.1 | |
Mozilla Firefox | =38.0.5 | |
Mozilla Firefox | =38.1.0 | |
Mozilla Firefox | =38.1.1 | |
Mozilla Firefox | =38.2.0 | |
Mozilla Firefox | =38.2.1 | |
Mozilla Firefox | =38.3.0 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.