Severity

Medium

Analysis Summary

CVE-2021-43527 

Mozilla Network Security Services (NSS), as used in Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when handling DER-encoded DSA or RSA-PSS signatures. By sending an overly long signature, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Impact

• Buffer Overflow

Affected Vendors

Mozilla

Affected Products

• Mozilla Nss 3.66

Remediation

Refer to Mozilla Security Advisory for patch, upgrade or suggested workaround information.