Researcher Tavis Ormandy has found a serious security vulnerability in the Network Security Services (NSS) library, even though Mozilla is known for its thorough bug hunting via fuzzing. According to Ormandy, attempting to create an ASN.1 signature with more than 16384 bits will overwrite the contents of memory.
“What happens if you just create a signature that is larger? Well, it turns out the answer is memory corruption. Yes, really,” Ormandy wrote in a blog post. “The untrustworthy signature is simply copied into this fixed-size buffer, whereby neighboring elements are overwritten with any data controlled by the attacker. The error is easy to reproduce and affects several algorithms.”
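The fixed-size buffer problem described above, as an added illustration in C that is not Ormandy's or NSS's code: a length check that rejects a signature larger than the 16384-bit buffer before anything is copied, with a neighbouring field acting as a canary. The buffer size, struct layout and function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizing, modelled on the article: a buffer for a 16384-bit signature.
 * These names are illustrative, not NSS's own identifiers. */
#define MAX_SIG_BITS  16384
#define MAX_SIG_BYTES (MAX_SIG_BITS / 8)

/* Fixed-size holder for a decoded signature, followed by a neighbouring field
 * that an unchecked copy would clobber (the "neighboring elements" quoted above). */
typedef struct {
    uint8_t  sig[MAX_SIG_BYTES];
    size_t   sig_len;
    uint32_t neighbour;   /* canary: must survive every copy attempt */
} sig_holder;

/* Hardened copy: refuse anything that does not fit before touching memory.
 * Returns 0 on success, -1 when the signature is too large or missing. */
int copy_signature_checked(sig_holder *h, const uint8_t *sig, size_t len) {
    if (h == NULL || sig == NULL || len > sizeof h->sig) {
        return -1;   /* oversized input is rejected instead of overflowing */
    }
    memcpy(h->sig, sig, len);
    h->sig_len = len;
    return 0;
}

/* Constructed inputs: one signature that exactly fits and one a single byte
 * too large. Returns 1 if the first is accepted, the second rejected, and the
 * neighbouring canary is still intact afterwards. */
int demo_oversized_signature(void) {
    static uint8_t fits[MAX_SIG_BYTES];
    static uint8_t too_big[MAX_SIG_BYTES + 1];
    sig_holder h = { .neighbour = 0xC0FFEEu };
    memset(fits, 0x41, sizeof fits);
    memset(too_big, 0x42, sizeof too_big);

    int rc_fits = copy_signature_checked(&h, fits, sizeof fits);       /* 0  */
    int rc_big  = copy_signature_checked(&h, too_big, sizeof too_big); /* -1 */
    return rc_fits == 0 && rc_big == -1 && h.neighbour == 0xC0FFEEu;
}

int main(void) {
    printf("hardened copy: %s\n",
           demo_oversized_signature() ? "oversized signature rejected" : "FAILED");
    return 0;
}
```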
According to Mozilla, Firefox is not affected by the bug. However, the company does not rule out that Thunderbird, LibreOffice, Evolution and Evince could be attacked through the faulty library.
Ormandy also has a guess as to why Mozilla did not notice the bug. Because of the modular nature of NSS, there were no end-to-end tests of the library; each part was tested independently. To make matters worse, the fuzzers have an input limit of 10,000 bytes, while NSS itself has no such limit.