search

Mozilla Firefox Compromise Of SSL-protected Communication

  Severity: MEDIUM
  CVE Identifier: CVE-2009-2408
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1003670
  Trend Micro Deep Security DPI Rule Name: 1003670 - Multiple Browser Certificate Regexp Parsing Heap Overflow

  AFFECTED SOFTWARE AND VERSION

  • Mozilla Thunderbird 2.0.0.9
  • Mozilla Thunderbird 2.0.0.8
  • Mozilla Thunderbird 2.0.0.7
  • Mozilla Thunderbird 2.0.0.6
  • Mozilla Thunderbird 2.0.0.5
  • Mozilla Thunderbird 2.0.0.4
  • Mozilla Thunderbird 2.0.0.3
  • Mozilla Thunderbird 2.0.0.2
  • Mozilla Thunderbird 2.0.0.22
  • Mozilla Thunderbird 2.0.0.21
  • Mozilla Thunderbird 2.0.0.20
  • Mozilla Thunderbird 2.0.0.19
  • Mozilla Thunderbird 2.0.0.18
  • Mozilla Thunderbird 2.0.0.17
  • Mozilla Thunderbird 2.0.0.16
  • Mozilla Thunderbird 2.0.0.15
  • Mozilla Thunderbird 2.0.0.14
  • Mozilla Thunderbird 2.0.0.13
  • Mozilla Thunderbird 2.0.0.12
  • Mozilla Thunderbird 2.0.0.11
  • Mozilla Thunderbird 2.0.0.1
  • Mozilla Thunderbird 2.0.0.0
  • Mozilla SeaMonkey 1.5.0.9
  • Mozilla SeaMonkey 1.5.0.8
  • Mozilla SeaMonkey 1.5.0.10
  • Mozilla SeaMonkey 1.1.9
  • Mozilla SeaMonkey 1.1.8
  • Mozilla SeaMonkey 1.1.7
  • Mozilla SeaMonkey 1.1.6
  • Mozilla SeaMonkey 1.1.5
  • Mozilla SeaMonkey 1.1.4
  • Mozilla SeaMonkey 1.1.3
  • Mozilla SeaMonkey 1.1.2
  • Mozilla SeaMonkey 1.1.16
  • Mozilla SeaMonkey 1.1.15
  • Mozilla SeaMonkey 1.1.14
  • Mozilla SeaMonkey 1.1.12
  • Mozilla SeaMonkey 1.1.11
  • Mozilla SeaMonkey 1.1.10
  • Mozilla SeaMonkey 1.1.1
  • Mozilla SeaMonkey 1.1
  • Mozilla SeaMonkey 1.0.9
  • Mozilla SeaMonkey 1.0.8
  • Mozilla SeaMonkey 1.0.6
  • Mozilla SeaMonkey 1.0.5
  • Mozilla SeaMonkey 1.0.4
  • Mozilla SeaMonkey 1.0.3
  • Mozilla SeaMonkey 1.0.2
  • Mozilla SeaMonkey 1.0.1
  • Mozilla NSS 3.6
  • Mozilla NSS 3.4
  • Mozilla NSS 3.12
  • Mozilla NSS 3.11.8
  • Mozilla NSS 3.11.7
  • Mozilla NSS 3.11.4
  • Mozilla NSS 3.11.2
  • Mozilla NSS 3.0
  • Mozilla Firefox 3.2
  • Mozilla Firefox 3.1
  • Mozilla Firefox 3.0 Beta 5
  • Mozilla Firefox 3.0.9
  • Mozilla Firefox 3.0.8
  • Mozilla Firefox 3.0.7
  • Mozilla Firefox 3.0.6
  • Mozilla Firefox 3.0.5
  • Mozilla Firefox 3.0.4
  • Mozilla Firefox 3.0.3
  • Mozilla Firefox 3.0.2
  • Mozilla Firefox 3.0.12
  • Mozilla Firefox 3.0.11
  • Mozilla Firefox 3.0.10
  • Mozilla Firefox 3.0.1
  • Mozilla Firefox 3.0
  • Mozilla Firefox 2.0_8
  • Mozilla Firefox 2.0_.9
  • Mozilla Firefox 2.0_.7
  • Mozilla Firefox 2.0_.6
  • Mozilla Firefox 2.0_.5
  • Mozilla Firefox 2.0_.4
  • Mozilla Firefox 2.0_.10
  • Mozilla Firefox 2.0_.1
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.21
  • Mozilla Firefox 2.0.0.20
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.18
  • Mozilla Firefox 2.0.0.17
  • Mozilla Firefox 2.0.0.16
  • Mozilla Firefox 2.0.0.15
  • Mozilla Firefox 0.7.1
  • Mozilla Firefox 0.7
  • Mozilla Firefox 0.6.1
  • Mozilla Firefox 0.6
  • Mozilla Firefox 0.5
  • Mozilla Firefox 0.4
  • Mozilla Firefox 0.3
  • Mozilla Firefox 0.2
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.10
  • Mozilla Firefox 0.1
  • Mozilla Firefox 2.0.0.9
  • Mozilla Firefox 2.0.0.8
  • Mozilla Firefox 2.0.0.7
  • Mozilla Firefox 2.0.0.6
  • Mozilla Firefox 2.0.0.5
  • Mozilla Firefox 2.0.0.14
  • Mozilla Firefox 2.0.0.13
  • Mozilla Firefox 2.0.0.12
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0
  • Mozilla Firefox 1.8
  • Mozilla Firefox 1.5.8
  • Mozilla Firefox 1.5.7
  • Mozilla Firefox 1.5.6
  • Mozilla Firefox 1.5.5
  • Mozilla Firefox 1.5.4
  • Mozilla Firefox 1.5.3
  • Mozilla Firefox 1.5.2
  • Mozilla Firefox 1.5.1
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 1.5.0.8
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.12
  • Mozilla Firefox 1.5.0.11
  • Mozilla Firefox 1.5.0.10
  • Mozilla Firefox 1.4.1
  • Mozilla Firefox 1.0.8
  • Mozilla Firefox 0.9_rc
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9