
NSS Library Signature Verification Vulnerability
Sometimes vulnerabilities arrive one after another. While everyone is discussing ShellShock, Mozilla and Google are updating their Firefox and Chrome browsers to close a fairly serious vulnerability that could, under certain circumstances, allow SSL certificate signatures to be forged.
The Network Security Services (NSS) library, which is used for cryptography in the Firefox and Chrome browsers, did not correctly handle padding in PKCS#1 v1.5 signatures because of a flaw in its parsing of the DigestInfo ASN.1 encoding.
The implementation flaw is that DigestInfo was processed as if it were BER-encoded, which (unlike DER) allows the same ASN.1 object to be encoded in several different ways. The parser ignored some bytes during certificate signature verification, which made it possible to forge certificates whose keys were created with a small public exponent (for example, 3).
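As an added illustration (not code from this post or from NSS), the following pure-Python sketch contrasts a parse-and-pick PKCS#1 v1.5 verifier that trusts the ASN.1 length fields with the strict whole-block comparison that RFC 8017 recommends. The message, modulus size and filler bytes are constructed sample values, and the lenient parser is a simplified stand-in for the bug class described above, not NSS's decoder.

```python
import hashlib
import hmac
# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_em(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, padded to k bytes."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_strict(em: bytes, message: bytes) -> bool:
    """Hardened check (RFC 8017, 8.2.2): re-encode and compare the whole block."""
    try:
        return hmac.compare_digest(em, encode_em(message, len(em)))
    except ValueError:
        return False

def _tlv(buf: bytes, i: int):
    """Read one short-form ASN.1 TLV at offset i: (tag, value, next_offset)."""
    tag, length = buf[i], buf[i + 1]
    return tag, buf[i + 2:i + 2 + length], i + 2 + length

def verify_lenient(em: bytes, message: bytes) -> bool:
    """Simplified stand-in for the bug class: trusts the length fields and checks
    only the digest it finds, never confirming every byte of the block is covered."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i + 2 >= len(em) or em[i] != 0x00:
        return False
    tag, seq, _ = _tlv(em, i + 1)        # DigestInfo SEQUENCE, length trusted
    if tag != 0x30:
        return False
    _tag, _alg, j = _tlv(seq, 0)         # AlgorithmIdentifier, not checked here
    tag, digest, _ = _tlv(seq, j)        # OCTET STRING carrying the hash
    return tag == 0x04 and digest == hashlib.sha256(message).digest()

def demo():
    """Returns (strict_good, lenient_good, strict_bad, lenient_bad)."""
    msg, k = b"constructed test message", 128   # sample message, 1024-bit size
    good = encode_em(msg, k)
    # Constructed malformed block: same digest, but the SEQUENCE length is
    # inflated to cover 8 filler bytes that the lenient parser never examines.
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    filler = b"\x00" * 8
    body = bytes([0x30, t[1] + len(filler)]) + t[2:] + filler
    bad = b"\x00\x01" + b"\xff" * (k - len(body) - 3) + b"\x00" + body
    return (verify_strict(good, msg), verify_lenient(good, msg),
            verify_strict(bad, msg), verify_lenient(bad, msg))
```

The lenient verifier accepts the malformed block because nothing ties the length fields to the actual size of the padding, while the strict verifier rejects it because the reconstructed block differs.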
Mozilla product users should upgrade to the following versions:
- Firefox 32.0.3
- Firefox ESR 24.8.1
- Firefox ESR 31.1.1
- Thunderbird 31.1.2
- Thunderbird 24.8.1
- SeaMonkey 2.29.1
- NSS 3.16.2.1
- NSS 3.16.5
- NSS 3.17.1
Google Chrome users probably need to upgrade to the latest version (released September 24th).
More details about the vulnerability