Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code.
Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a heap overflow vulnerability when verifying digital signatures such as DSA and RSA-PSS algorithms that are encoded using the DER binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it “BigSig.”
“NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures,” Mozilla said in an advisory published Wednesday. “Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted.”
NSS is a collection of open-source cryptographic computer libraries designed to enable cross-platform development of client-server applications, with support for SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
The bug, the consequence of missing bounds check that could allow the execution of arbitrary attacker-controlled code, is said to have been exploitable dating all the way back to June 2012, “The striking thing about this vulnerability is just how simple it is,” Ormandy said in a technical write-up.
While the BigSig shortcoming doesn’t affect Mozilla’s Firefox web browser itself, email clients, PDF viewers, and other applications that rely on NSS for signature verification, such as Red Hat, Thunderbird, LibreOffice, Evolution, and Evince, are believed to be vulnerable.
“This is a major memory corruption flaw in NSS, almost any use of NSS is affected,” Ormandy tweeted. “If you are a vendor that distributes NSS in your products, you will most likely need to update or backport the patch.”