Intrusion Prevention

Mozilla.NSS.SSLv2.Server.Stack.Overflow

Description

This indicates a possible exploit of a buffer-overflow vulnerability in the SSLv2 support in Mozilla Network Security Services (NSS).
The vulnerability is caused by the software's inability to handle invalid parameters. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Mozilla Firefox versions prior to 2.0.0.2
Mozilla Firefox versions prior to 1.5.0.10
Mozilla SeaMonkey versions prior to 1.0.8
Network Security Services (NSS) versions prior to 3.11.5

Impact

System compromise: Remote code execution.

Recommended Actions

Upgrade to Mozilla Firefox version 2.0.0.2 or 1.5.0.10 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.0.8 :
http://www.mozilla.org/projects/seamonkey/
Upgrade to Network Security Services (NSS) version 3.11.5 :
http://www.mozilla.org/projects/security/pki/nss/

CVE References

CVE-2007-0009