Mozilla Firefox and Thunderbird Certificate Length Validation Vulnerability

Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 135, Firefox ESR versions prior to 128.7, Thunderbird versions prior to 135, and Thunderbird versions prior to 128.7. It arises because the length of a certificate was not properly validated when the certificate was added to a certificate store. Although only trusted data was processed, the faulty check could allow excessively long certificates to be accepted as valid.

Impact

Exploitation of this vulnerability could lead to the acceptance of over-length certificates, which may cause problems in later certificate handling or validation processes.

Reproduction

The vulnerability can be reproduced by adding a certificate whose encoded length exceeds the intended maximum to the certificate store, which the faulty validation logic does not reject. The root cause is the use of 'u16::max' (the Rust max method) instead of the constant 'u16::MAX' in the certificate length check, so the comparison is not made against the intended 16-bit limit and very long certificates can be processed as valid.
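The following Rust program is an added illustration and is not Mozilla's code: it uses a hypothetical `add_cert` store insert and a constructed 70,000-byte blob to show why a length check written against `u16::max` never trips while the same check written against `u16::MAX` does.

```rust
// Added illustration, not Mozilla's own code: a stand-in for a certificate
// store's insert path, showing why a check written against `u16::max`
// does not bound the length while one written against `u16::MAX` does.

/// `u16::max` names the `Ord::max` method; casting that function item to
/// `usize` yields the function's code address, not 65535. Any real code
/// address is far above 65535, so this "limit" is never reached in practice.
fn buggy_limit() -> usize {
    u16::max as usize
}

/// `u16::MAX` is the constant 65535, which is what the check meant to use.
fn fixed_limit() -> usize {
    u16::MAX as usize
}

/// Hypothetical store insert: reject DER blobs longer than `max_len`,
/// otherwise append them. Only the shape of the flawed check is mirrored.
fn add_cert(store: &mut Vec<Vec<u8>>, der: &[u8], max_len: usize) -> Result<(), String> {
    if der.len() > max_len {
        return Err(format!("certificate of {} bytes exceeds limit {}", der.len(), max_len));
    }
    store.push(der.to_vec());
    Ok(())
}

/// Run one oversized blob (constructed: 70,000 zero bytes, not a real
/// certificate) through both variants; returns (buggy_accepted, fixed_accepted).
fn oversized_cert_accepted() -> (bool, bool) {
    let oversized = vec![0u8; 70_000];
    let mut buggy_store = Vec::new();
    let mut fixed_store = Vec::new();
    let buggy = add_cert(&mut buggy_store, &oversized, buggy_limit()).is_ok();
    let fixed = add_cert(&mut fixed_store, &oversized, fixed_limit()).is_ok();
    (buggy, fixed)
}

fn main() {
    println!("u16::max as usize = {:#x}, u16::MAX = {}", buggy_limit(), fixed_limit());
    let (buggy, fixed) = oversized_cert_accepted();
    println!("oversized cert accepted: buggy={buggy} fixed={fixed}");
}
```

A cheap defensive check for this class of mistake is a clippy run, since `fn_to_numeric_cast` flags a function item being cast to an integer.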

Remediation

Users can update to Firefox 135, Firefox ESR 128.7, Thunderbird 135, or Thunderbird 128.7 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         8.4
impact:         0.0
exploitability: 6.0
remediation:    7.7
relevance:      0.0
threat:         6.4
urgency:        2.9
incentive:      0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.