CVE-2012-0441

EUVD-2012-0473
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
4.0
mozillafirefox
4.0:beta1
mozillafirefox
4.0:beta10
mozillafirefox
4.0:beta11
mozillafirefox
4.0:beta12
mozillafirefox
4.0:beta2
mozillafirefox
4.0:beta3
mozillafirefox
4.0:beta4
mozillafirefox
4.0:beta5
mozillafirefox
4.0:beta6
mozillafirefox
4.0:beta7
mozillafirefox
4.0:beta8
mozillafirefox
4.0:beta9
mozillafirefox
4.0.1
mozillafirefox
5.0
mozillafirefox
5.0.1
mozillafirefox
6.0
mozillafirefox
6.0.1
mozillafirefox
6.0.2
mozillafirefox
7.0
mozillafirefox
7.0.1
mozillafirefox
8.0
mozillafirefox
8.0.1
mozillafirefox
9.0
mozillafirefox
9.0.1
mozillafirefox
10.0
mozillafirefox
10.0.1
mozillafirefox
10.0.2
mozillafirefox
10.0.3
mozillafirefox
10.0.4
mozillafirefox
11.0
mozillafirefox
12.0
mozillafirefox
12.0:beta6
mozillanetwork_security_services
𝑥
≤ 3.12.3
mozillanetwork_security_services
3.2
mozillanetwork_security_services
3.2.1
mozillanetwork_security_services
3.3
mozillanetwork_security_services
3.3.1
mozillanetwork_security_services
3.3.2
mozillanetwork_security_services
3.4
mozillanetwork_security_services
3.4.1
mozillanetwork_security_services
3.4.2
mozillanetwork_security_services
3.5
mozillanetwork_security_services
3.6
mozillanetwork_security_services
3.6.1
mozillanetwork_security_services
3.7
mozillanetwork_security_services
3.7.1
mozillanetwork_security_services
3.7.2
mozillanetwork_security_services
3.7.3
mozillanetwork_security_services
3.7.5
mozillanetwork_security_services
3.7.7
mozillanetwork_security_services
3.8
mozillanetwork_security_services
3.9
mozillanetwork_security_services
3.11.2
mozillanetwork_security_services
3.11.3
mozillanetwork_security_services
3.11.4
mozillanetwork_security_services
3.11.5
mozillanetwork_security_services
3.12
mozillanetwork_security_services
3.12.1
mozillanetwork_security_services
3.12.2
mozillaseamonkey
𝑥
≤ 2.9
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillaseamonkey
1.1.14
mozillaseamonkey
1.1.15
mozillaseamonkey
1.1.16
mozillaseamonkey
1.1.17
mozillaseamonkey
1.1.18
mozillaseamonkey
1.1.19
mozillaseamonkey
1.5.0.8
mozillaseamonkey
1.5.0.9
mozillaseamonkey
1.5.0.10
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.2
mozillaseamonkey
2.2:beta1
mozillaseamonkey
2.2:beta2
mozillaseamonkey
2.2:beta3
mozillaseamonkey
2.3
mozillaseamonkey
2.3:beta1
mozillaseamonkey
2.3:beta2
mozillaseamonkey
2.3:beta3
mozillaseamonkey
2.3.1
mozillaseamonkey
2.3.2
mozillaseamonkey
2.3.3
mozillaseamonkey
2.4
mozillaseamonkey
2.4:beta1
mozillaseamonkey
2.4:beta2
mozillaseamonkey
2.4:beta3
mozillaseamonkey
2.4.1
mozillaseamonkey
2.5
mozillaseamonkey
2.5:beta1
mozillaseamonkey
2.5:beta2
mozillaseamonkey
2.5:beta3
mozillaseamonkey
2.5:beta4
mozillaseamonkey
2.6
mozillaseamonkey
2.6:beta1
mozillaseamonkey
2.6:beta2
mozillaseamonkey
2.6:beta3
mozillaseamonkey
2.6:beta4
mozillaseamonkey
2.6.1
mozillaseamonkey
2.7
mozillaseamonkey
2.7:beta1
mozillaseamonkey
2.7:beta2
mozillaseamonkey
2.7:beta3
mozillaseamonkey
2.7:beta4
mozillaseamonkey
2.7:beta5
mozillaseamonkey
2.7.1
mozillaseamonkey
2.7.2
mozillaseamonkey
2.8
mozillaseamonkey
2.8:beta1
mozillaseamonkey
2.8:beta2
mozillaseamonkey
2.8:beta3
mozillaseamonkey
2.8:beta4
mozillaseamonkey
2.8:beta5
mozillaseamonkey
2.8:beta6
mozillaseamonkey
2.9:beta1
mozillaseamonkey
2.9:beta2
mozillaseamonkey
2.9:beta3
mozillathunderbird
5.0
mozillathunderbird
6.0
mozillathunderbird
6.0.1
mozillathunderbird
6.0.2
mozillathunderbird
7.0
mozillathunderbird
7.0.1
mozillathunderbird
8.0
mozillathunderbird
9.0
mozillathunderbird
9.0.1
mozillathunderbird
10.0
mozillathunderbird
10.0.1
mozillathunderbird
10.0.2
mozillathunderbird
10.0.3
mozillathunderbird
10.0.4
mozillathunderbird
11.0
mozillathunderbird
12.0
mozillathunderbird_esr
10.0
mozillathunderbird_esr
10.0.1
mozillathunderbird_esr
10.0.2
mozillathunderbird_esr
10.0.3
mozillathunderbird_esr
10.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
sid
2:3.105-2
fixed
trixie
2:3.105-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
hardy
ignored
lucid
Fixed 13.0+build1-0ubuntu0.10.04.1
released
natty
Fixed 13.0+build1-0ubuntu0.11.04.1
released
oneiric
Fixed 13.0+build1-0ubuntu0.11.10.1
released
precise
Fixed 13.0+build1-0ubuntu0.12.04.1
released
quantal
Fixed 14.0~b6+build2-0ubuntu2
released
raring
Fixed 14.0~b6+build2-0ubuntu2
released
saucy
Fixed 14.0~b6+build2-0ubuntu2
released
nss
hardy
ignored
lucid
Fixed 3.12.9+ckbi-1.82-0ubuntu0.10.04.4
released
natty
Fixed 3.12.9+ckbi-1.82-0ubuntu2.2
released
oneiric
Fixed 3.12.9+ckbi-1.82-0ubuntu6.1
released
precise
Fixed 3.13.1.with.ckbi.1.88-1ubuntu6.1
released
quantal
Fixed 3.13.1.with.ckbi.1.88-1ubuntu7
released
raring
Fixed 3.13.1.with.ckbi.1.88-1ubuntu7
released
saucy
Fixed 3.13.1.with.ckbi.1.88-1ubuntu7
released
seamonkey
hardy
ignored
lucid
ignored
natty
ignored
oneiric
ignored
precise
dne
quantal
dne
raring
dne
saucy
dne
thunderbird
hardy
ignored
lucid
Fixed 13.0.1+build1-0ubuntu0.10.04.1
released
natty
Fixed 13.0.1+build1-0ubuntu0.11.04.1
released
oneiric
Fixed 13.0.1+build1-0ubuntu0.11.10.1
released
precise
Fixed 13.0.1+build1-0ubuntu0.12.04.1
released
quantal
not-affected
raring
not-affected
saucy
not-affected
xulrunner-1.9.2
hardy
ignored
lucid
not-affected
natty
ignored
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
xulrunner-2.0
hardy
dne
lucid
dne
natty
ignored
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
http://secunia.com/advisories/49976
http://secunia.com/advisories/50316
http://www.debian.org/security/2012/dsa-2490
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/53798
http://www.ubuntu.com/usn/USN-1540-1
http://www.ubuntu.com/usn/USN-1540-2
https://bugzilla.mozilla.org/show_bug.cgi?id=715073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
http://secunia.com/advisories/49976
http://secunia.com/advisories/50316
http://www.debian.org/security/2012/dsa-2490
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/53798
http://www.ubuntu.com/usn/USN-1540-1
http://www.ubuntu.com/usn/USN-1540-2
https://bugzilla.mozilla.org/show_bug.cgi?id=715073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701