Mozilla engineer Tyson Smith reported a use-after-poison in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were exploited, they would lead to a potentially exploitable crash. These issues were fixed in NSS versions 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.
Upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1192028
External Reference:
https://www.mozilla.org/security/announce/2015/mfsa2015-133.html
https://access.redhat.com/articles/2043623
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.
Fixed upstream in NSS versions 3.19.2.1, 3.19.4, and 3.20.1:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
Upstream commits:
http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
http://hg.mozilla.org/projects/nss/rev/25cb033147fd
Consolidated fix with all above changes as applied to 3.20 branch:
http://hg.mozilla.org/projects/nss/rev/685d45ec4723
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
Via RHSA-2015:1980 https://rhn.redhat.com/errata/RHSA-2015-1980.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6
Via RHSA-2015:1981 https://rhn.redhat.com/errata/RHSA-2015-1981.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only
  Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only
  Red Hat Enterprise Linux 6.2 AUS
  Red Hat Enterprise Linux 6.4 AUS - Server Only
Via RHSA-2015:2068 https://rhn.redhat.com/errata/RHSA-2015-2068.html