Mozilla engineers David Keeler reported a buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were exploited, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1. Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1202868 External Reference: https://www.mozilla.org/security/announce/2015/mfsa2015-133.html https://access.redhat.com/articles/2043623 Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Keeler as the original reporter.
Fixed upstream in NSS version 3.19.2.1, 3.19.4, and 3.20.1: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes Upstream commits: http://hg.mozilla.org/projects/nss/rev/4dc247276e58 http://hg.mozilla.org/projects/nss/rev/534aca7a5bca http://hg.mozilla.org/projects/nss/rev/b4feb2cb0ed6 Consolidated fix with all about changes as applied to 3.20 branch: http://hg.mozilla.org/projects/nss/rev/f47d00c2732a
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1980 https://rhn.redhat.com/errata/RHSA-2015-1980.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2015:1981 https://rhn.redhat.com/errata/RHSA-2015-1981.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.2 AUS Red Hat Enterprise Linux 6.4 AUS - Server Only Via RHSA-2015:2068 https://rhn.redhat.com/errata/RHSA-2015-2068.html