Moxie

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (NSS) versions prior to 3.12.3 **Description** A heap-based buffer overflow issue exists in the regular-expression parser of Mozilla Network Security Services (NSS), which can be triggered by a long domain name in the subject's Common Name (CN) field of an X.509 certificate. This issue may allow remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code. The issue is related to the `cert TestHostName` function. **Recommendations** For versions prior to 3.12.3, update to version 3.12.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `cert TestHostName` function until a patch is available. Avoid using long domain names in the subject's Common Name (CN) field of an X.509 certificate to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (NSS) versions prior to 3.12.3 Firefox versions prior to 3.0.13 Thunderbird versions prior to 2.0.0.23 SeaMonkey versions prior to 1.1.18 **Description** The issue arises from improper handling of a '0' character in a domain name within the subject's Common Name (CN) field of an X.509 certificate. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. **Recommendations** For Mozilla Network Security Services (NSS) versions prior to 3.12.3, update to version 3.12.3 or later. For Firefox versions prior to 3.0.13, update to version 3.0.13 or later. For Thunderbird versions prior to 2.0.0.23, update to version 2.0.0.23 or later. For SeaMonkey versions prior to 1.1.18, update to version 1.1.18 or later.