Security researcher Christian Heimes reported that the Network Security Services (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16.

Affected configurations

Vulners

Node

mozillafirefoxRange<29

mozillaseamonkeyRange<2.26

CPENameOperatorVersion
firefoxlt29
seamonkeylt2.26

CPE	Name	Operator	Version
	firefox	lt	29
	seamonkey	lt	2.26

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492

www.ietf.org/rfc/rfc6125.txt

bugzilla.mozilla.org/show_bug.cgi?id=903885

developer.mozilla.org/en-US/docs/Overview_of_NSS

nessus 44

openvas 39

oraclelinux 3

slackware 1

redhat 4

nvd 1

seebug 1

ubuntucve 1

securityvulns 3

centos 3

ubuntu 2

cve 1

prion 1

cvelist 1

veracode 2

debiancve 1

amazon 5

cloudfoundry 1

osv 2

debian 2

ibm 4

f5 2

suse 7

mageia 1

freebsd 1

oracle 4

gentoo 1

nessus

RHEL 7 : nss, nss-util, nss-softokn (RHSA-2014:1073)

2014-08-19 00:00:00

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : nss vulnerability (USN-2159-1)

2014-04-03 00:00:00

CentOS 7 : nss / nss-softokn / nss-util (CESA-2014:1073)

2014-08-19 00:00:00

openvas

CentOS Update for nss-softokn CESA-2014:1073 centos7

2014-09-10 00:00:00

Ubuntu Update for nss USN-2159-1

2014-04-03 00:00:00

Slackware: Security Advisory (SSA:2014-086-04)

2022-04-21 00:00:00

oraclelinux

nss, nss-util, nss-softokn security, bug fix, and enhancement update

2014-08-18 00:00:00

nss and nspr security, bug fix, and enhancement update

2014-09-17 00:00:00

nss and nspr security, bug fix, and enhancement update

2014-07-22 00:00:00

slackware

[slackware-security] mozilla-nss

2014-03-28 22:54:39

redhat

(RHSA-2014:1073) Low: nss, nss-util, nss-softokn security, bug fix, and enhancement update

2014-08-18 00:00:00

(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update

2014-09-16 00:00:00

(RHSA-2014:0917) Critical: nss and nspr security, bug fix, and enhancement update

2014-07-22 00:00:00

nvd

CVE-2014-1492

2014-03-25 13:25:38

seebug

Mozilla Network Security Services 'p12creat.c'内存破坏漏洞

2014-03-25 00:00:00

ubuntucve

CVE-2014-1492

2014-03-25 00:00:00

securityvulns

[ MDVSA-2014:066 ] nss

2014-03-24 00:00:00

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2014-05-01 00:00:00

Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities

2014-03-27 00:00:00

centos

nss security update

2014-08-18 21:47:41

nss security update

2014-09-30 11:21:57

nspr, nss security update

2014-07-23 02:49:51

ubuntu

NSS vulnerability

2014-04-02 00:00:00

Firefox vulnerabilities

2014-04-29 00:00:00

cve

CVE-2014-1492

2014-03-25 13:25:38

prion

Design/Logic Flaw

2014-03-25 13:25:00

cvelist

CVE-2014-1492

2014-03-25 01:00:00

veracode

Man-in-the-Middle Attack

2019-05-02 05:03:48

Denial Of Service (DoS)

2019-05-02 05:03:51

debiancve

CVE-2014-1492

2014-03-25 13:25:38

amazon

Medium: ruby22

2015-05-27 14:06:00

Medium: ruby19

2015-05-27 14:05:00

Medium: ruby20

2015-05-27 14:05:00

cloudfoundry

CVE-2015-1855 Ruby OpenSSL Hostname Verification | Cloud Foundry

2015-04-30 00:00:00

osv

nss - security update

2014-07-31 00:00:00

nss - security update

2014-07-31 00:00:00

debian

[SECURITY] [DSA 2994-1] nss security update

2014-07-31 11:51:32

[DLA 23-1] nss security update

2014-07-31 11:23:33

ibm

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

2023-02-18 01:45:50

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154

2023-02-28 01:12:10

Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

2022-08-20 00:54:31

K16716 : Multiple Mozilla NSS vulnerabilities

2015-09-17 00:00:00

SOL16716 - Multiple Mozilla NSS vulnerabilities

2015-06-05 00:00:00

suse

Mozilla updates 07/2014 (important)

2014-07-30 20:47:31

Security update for Mozilla Firefox (important)

2014-05-16 02:05:07

Security update for Mozilla Firefox (important)

2014-05-14 01:04:17

mageia

Updated nss, firefox and thunderbird packages fix security vulnerabilities

2014-03-20 22:33:01

freebsd

mozilla -- multiple vulnerabilities

2014-04-29 00:00:00

oracle

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Oracle Critical Patch Update - October 2014

2014-10-14 00:00:00

Oracle Critical Patch Update Advisory - January 2015

2015-03-10 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2015-04-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for MFSA2014-45