Lucene search
Mozilla FoundationMFSA2014-63HistoryJul 22, 2014 - 12:00 a.m.
Use-after-free while when manipulating certificates in the trusted cache — Mozilla
2014-07-2200:00:00
Mozilla Foundation
www.mozilla.org
31
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.106
Percentile
95.1%
Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable.
Affected configurations
Node
mozillafirefoxRange<31
ORmozillafirefox_esrRange<24.7
ORmozillathunderbirdRange<24.7
ORmozillathunderbirdRange<31
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
Related
centos
centos
nspr, nss security update
2014-07-23 00:41:58
nspr, nss security update
2014-07-23 02:49:51
nessus
nessus
RHEL 5 / 6 : nss (RHSA-2014:0915)
2014-11-11 00:00:00
CentOS 5 / 7 : nspr / nss (CESA-2014:0916)
2014-07-23 00:00:00
Debian DLA-89-1 : nss security update
2015-03-26 00:00:00
cvelist
cvelist
CVE-2014-1544
2014-07-23 10:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2014-63) - Linux
2021-11-11 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-385)
2015-09-08 00:00:00
CentOS Update for nspr CESA-2014:0916 centos5
2014-07-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:56:59
Denial Of Service (DoS)
2019-05-02 05:03:51
ubuntucve
ubuntucve
CVE-2014-1544
2014-07-22 00:00:00
debian
debian
[SECURITY] [DSA 3071-1] nss security update
2014-11-11 21:01:33
[SECURITY] [DSA 3071-1] nss security update
2014-11-11 21:01:33
[SECURITY] [DLA 89-1] nss security update
2014-11-22 16:47:54
redhat
redhat
(RHSA-2014:1165) Critical: nss security update
2014-09-08 00:00:00
(RHSA-2014:0915) Critical: nss security update
2014-07-22 00:00:00
(RHSA-2014:0916) Critical: nss and nspr security update
2014-07-22 00:00:00
osv
osv
nss - security update
2014-11-11 00:00:00
icedove - security update
2014-08-03 00:00:00
MozillaThunderbird-45.5.1-1.1 on GA media
2024-06-15 00:00:00
ubuntu
ubuntu
NSS vulnerability
2014-09-09 00:00:00
Thunderbird vulnerabilities
2014-07-22 00:00:00
Firefox vulnerabilities
2014-07-22 00:00:00
nvd
nvd
CVE-2014-1544
2014-07-23 11:12:42
cve
cve
CVE-2014-1544
2014-07-23 11:12:42
oraclelinux
oraclelinux
nss and nspr security update
2014-07-22 00:00:00
nss and nspr security, bug fix, and enhancement update
2014-07-22 00:00:00
amazon
amazon
Critical: nss
2014-07-23 14:08:00
debiancve
debiancve
CVE-2014-1544
2014-07-23 11:12:42
prion
prion
Design/Logic Flaw
2014-07-23 11:12:00
mageia
mageia
Updated nss, firefox and thunderbird packages fix security vulnerabilities
2014-07-26 15:32:13
f5
f5
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00
K16716 : Multiple Mozilla NSS vulnerabilities
2015-09-17 00:00:00
suse
suse
MozillaThunderbird: Update to 24.7.0 (important)
2014-08-11 10:05:21
Mozilla updates 07/2014 (important)
2014-07-30 20:47:31
MozillaFirefox: Update to Mozilla Firefox 31 (important)
2014-07-30 20:43:23
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-07-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.106
Percentile
95.1%
Related for MFSA2014-63