Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Software: Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Network Security Services (NSS) 3.x
CVE reference: CAN-2003-0564
Description:
A vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system, has been reported in NSS (Network Security Services) security suite and Mozilla browsers shipping vulnerable versions of it.
The vulnerability is caused due to a handling error in the S/MIME (Secure/Multipurpose Internet Mail Extensions) implementation when parsing certain ASN.1 constructs. This can be exploited by sending a specially crafted S/MIME email containing an exceptional ASN.1 element to a user.
The vulnerability reportedly affects NSS 3.8 and prior as well as Mozilla browsers shipping affected versions.
Solution:
The vulnerability has been fixed in NSS 3.9 and Mozilla browsers shipping this version.
Provided and/or discovered by:
NISCC
http://secunia.com/advisories/11096/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic