NSS (Network Security Services) versions prior to 3.73, or prior to 3.68.1 on the 3.68 ESR branch, contain a heap overflow in the code that verifies DER-encoded DSA or RSA-PSS signatures. Any application that uses NSS to verify signatures carried in CMS, S/MIME, PKCS #7 or PKCS #12 structures is affected. Applications that rely on NSS for certificate validation or other TLS, X.509, OCSP or CRL processing may also be exposed, depending on how they configure NSS.
This vulnerability does NOT affect Mozilla Firefox. Email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince, are believed to be affected. Because the overflow is reached while NSS processes a signature it has been handed, a crafted signed message or document presented to a vulnerable application is a plausible trigger, so affected deployments should be patched promptly.
The vulnerability carries a CVSS score of 9.8 (critical). A heap overflow reachable from untrusted input can crash the application or, in the worst case, lead to arbitrary code execution with the application's privileges, so organizations should prioritize upgrading NSS to 3.73 or later, or to 3.68.1 or later on the ESR branch.
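As an added example (not part of the original advisory and not Mozilla's code), the following POSIX shell script checks whether a host's installed NSS falls in the affected range. It encodes the two fixed thresholds above: anything at 3.73 or later is fixed, and on the 3.68 ESR branch anything at 3.68.1 or later is fixed. The version is read from `pkg-config`, `rpm` or `dpkg-query`, whichever the host provides; the package names `nss` and `libnss3` are the usual ones on RPM and Debian-based systems but are assumptions here.

```shell
#!/bin/sh
# Added example: classify an NSS version string against the advisory's
# fixed versions (3.73, and 3.68.1 on the 3.68 ESR branch).
# nss_is_vulnerable returns 0 (shell "true") when the version is affected,
# 1 when it already carries the fix.
nss_is_vulnerable() {
    # Keep only the leading dotted-numeric part ("3.68.1 Beta" -> "3.68.1").
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)
    [ -z "$minor" ] && minor=0
    [ -z "$patch" ] && patch=0

    # 3.73 and later (and any future 4.x) contain the fix.
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 73 ]; }; then
        return 1
    fi
    # ESR branch: 3.68.1 and later contain the fix, 3.68.0 does not.
    if [ "$major" -eq 3 ] && [ "$minor" -eq 68 ] && [ "$patch" -ge 1 ]; then
        return 1
    fi
    # Everything else below 3.73 is in the affected range.
    return 0
}

# Discover the installed NSS version with whichever tool the host offers.
# Package names "nss" (RPM) and "libnss3" (Debian) are assumptions.
installed_nss_version() {
    if command -v pkg-config >/dev/null 2>&1 && pkg-config --exists nss 2>/dev/null; then
        pkg-config --modversion nss
    elif command -v rpm >/dev/null 2>&1 && rpm -q nss >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' nss | head -n1
    elif command -v dpkg-query >/dev/null 2>&1; then
        # Debian versions look like "2:3.61-1+deb11u2"; keep the upstream part.
        dpkg-query -W -f='${Version}\n' libnss3 2>/dev/null \
            | sed -e 's/^[0-9]*://' -e 's/[-+].*//'
    fi
}

# Report on the running host.
ver=$(installed_nss_version)
if [ -z "$ver" ]; then
    echo "NSS: version not found (no pkg-config nss, rpm nss or libnss3 package)"
elif nss_is_vulnerable "$ver"; then
    echo "NSS $ver: in the affected range, upgrade to 3.73 or 3.68.1 ESR"
else
    echo "NSS $ver: fixed"
fi
```

One caveat for practitioners: enterprise distributions often backport the fix without changing the upstream version number, so a "vulnerable" result from a version check alone is a prompt to consult the distribution's own advisory and package changelog, not a final verdict. Conversely, a statically linked or vendored copy of NSS inside an application (common for PDF viewers and office suites shipped as bundles) will not show up in the package database at all and must be checked separately.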
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
