Vulnerability CVE-2009-2408


Published: 2009-07-30   Modified: 2012-02-13

Description:
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

Type: CWE-20 (Improper Input Validation)

Vendor: Mozilla
Product: NSS 
Version:
3.6
3.4
3.12
3.11.8
3.11.7
3.11.4
3.11.2
3.0
See more versions on NVD
Product: Firefox 
Version:
3.2
3.1
3.0beta5
3.0.9
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.12
3.0.11
3.0.10
3.0.1
3.0
2.0_8
2.0_.9
2.0_.7
2.0_.6
2.0_.5
2.0_.4
2.0_.10
2.0_.1
2.0.0.9
2.0.0.8
2.0.0.7
2.0.0.6
2.0.0.5
2.0.0.4
2.0.0.3
2.0.0.21
2.0.0.20
2.0.0.2
2.0.0.19
2.0.0.18
2.0.0.17
2.0.0.16
2.0.0.15
2.0.0.14
2.0.0.13
2.0.0.12
2.0.0.11
2.0.0.10
2.0.0.1
2.0
1.8
1.5.8
1.5.7
1.5.6
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.5.0.9
1.5.0.8
1.5.0.7
1.5.0.6
1.5.0.5
1.5.0.4
1.5.0.3
1.5.0.2
1.5.0.12
1.5.0.11
1.5.0.10
1.5.0.1
See more versions on NVD
Product: Thunderbird 
Version:
2.0.0.9
2.0.0.8
2.0.0.7
2.0.0.6
2.0.0.5
2.0.0.4
2.0.0.3
2.0.0.22
2.0.0.21
2.0.0.20
2.0.0.2
2.0.0.19
2.0.0.18
2.0.0.17
2.0.0.16
2.0.0.15
2.0.0.14
2.0.0.13
2.0.0.12
2.0.0.11
2.0.0.1
2.0.0.0
See more versions on NVD
Product: Seamonkey 
Version:
1.5.0.9
1.5.0.8
1.5.0.10
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://isc.sans.org/diary.html?storyid=7003
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1
http://www.debian.org/security/2009/dsa-1874
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
http://www.mandriva.com/security/advisories?name=MDVSA-2009:217
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h
http://www.redhat.com/support/errata/RHSA-2009-1207.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.securitytracker.com/id?1022632
http://www.ubuntu.com/usn/usn-810-1
http://www.vupen.com/english/advisories/2009/2085
http://www.vupen.com/english/advisories/2009/3184
http://www.wired.com/threatlevel/2009/07/kaminsky/
https://bugzilla.redhat.com/show_bug.cgi?id=510251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458
https://usn.ubuntu.com/810-2/


Copyright 2019, cxsecurity.com
