Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2014-65
HistoryJul 22, 2014 - 12:00 a.m.

Certificate parsing broken by non-standard character encoding — Mozilla

2014-07-2200:00:00
Mozilla Foundation
www.mozilla.org
33

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.028

Percentile

90.6%

JSON

Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues causes the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.

Affected configurations

Vulners
Node
mozillafirefoxRange<31
OR
mozillathunderbirdRange<31
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Related

openvas 13
ubuntucve 3
prion 3
nvd 3
cvelist 3
cve 3
ubuntu 2
nessus 17
suse 3
securityvulns 1
freebsd 1
mageia 1
gentoo 1
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2014-65) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2296-1)
2014-07-28 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities-01 (Aug 2014) - Mac OS X
2014-08-07 00:00:00
ubuntucve
ubuntucve
CVE-2014-1559
2014-07-22 00:00:00
CVE-2014-1558
2014-07-22 00:00:00
CVE-2014-1560
2014-07-22 00:00:00
prion
prion
Code injection
2014-07-23 11:12:00
Code injection
2014-07-23 11:12:00
Code injection
2014-07-23 11:12:00
nvd
nvd
CVE-2014-1558
2014-07-23 11:12:43
CVE-2014-1559
2014-07-23 11:12:43
CVE-2014-1560
2014-07-23 11:12:43
cvelist
cvelist
CVE-2014-1558
2014-07-23 10:00:00
CVE-2014-1559
2014-07-23 10:00:00
CVE-2014-1560
2014-07-23 10:00:00
cve
cve
CVE-2014-1558
2014-07-23 11:12:43
CVE-2014-1559
2014-07-23 11:12:43
CVE-2014-1560
2014-07-23 11:12:43
ubuntu
ubuntu
Thunderbird vulnerabilities
2014-07-22 00:00:00
Firefox vulnerabilities
2014-07-22 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2296-1)
2014-07-23 00:00:00
Mozilla Thunderbird < 31.0 Multiple Vulnerabilities (Mac OS X)
2014-07-24 00:00:00
Firefox < 31.0 Multiple Vulnerabilities (Mac OS X)
2014-07-24 00:00:00
suse
suse
MozillaFirefox: Update to Mozilla Firefox 31 (important)
2014-07-30 20:43:23
Security update for Mozilla Firefox (important)
2014-08-02 01:04:22
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-07-28 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-07-22 00:00:00
mageia
mageia
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.028

Percentile

90.6%

JSON
Related for MFSA2014-65
openvas13ubuntucve3prion3nvd3cvelist3cve3ubuntu2nessus17suse3securityvulns1freebsd1mageia1gentoo1