Mozilla properly fuzzed NSS and still ended up with a simple memory corruption hole

2 December 2021

When it comes to fuzzing, Mozilla has plenty of cred, and has been doing so for some time, and yet, its prized Network Security Services (NSS) library was busted by Google Project Zero’s Tavis Ormandy quite easily. In a blog post well worth your time, entitled This shouldn’t have happened, Ormandy found that if NSS was made to create an ASN.1 signature bigger than the maximum 16384 bits it expected, overwriting of memory would occur.

Read full article on ZDNet

Date:

2 December 2021

Categorie(s):

NEWS

Tag(s):

IT, Mozilla, News

Second time lucky for Thoma Bravo, which scoops up Darktrace for $5.3B26 April 2024
AI sparks increasing cyber concerns for execs amid growing adoption26 April 2024
More details on rural water system breach sought by legislators26 April 2024
Updated CISA exploited vulnerabilties catalog includes Windows print spooler bug26 April 2024
Severe Flaws Disclosed in Brocade SANnav SAN Management Software26 April 2024