CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.1%
A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application (CVE-2014-1544). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557). The rootcerts and nss packages have been updated to NSS 3.16.3, and the firefox and thunderbird packages have been updated to version 24.7.0, fixing these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | firefox | < 24.7.0-1 | firefox-24.7.0-1.mga3 |
Mageia | 3 | noarch | firefox-l10n | < 24.7.0-1 | firefox-l10n-24.7.0-1.mga3 |
Mageia | 3 | noarch | nss | < 3.16.3-1 | nss-3.16.3-1.mga3 |
Mageia | 3 | noarch | rootcerts | < 20140703.00-1 | rootcerts-20140703.00-1.mga3 |
Mageia | 3 | noarch | thunderbird | < 24.7.0-1 | thunderbird-24.7.0-1.mga3 |
Mageia | 3 | noarch | thunderbird-l10n | < 24.7.0-1 | thunderbird-l10n-24.7.0-1.mga3 |
Mageia | 4 | noarch | firefox | < 24.7.0-1 | firefox-24.7.0-1.mga4 |
Mageia | 4 | noarch | firefox-l10n | < 24.7.0-1 | firefox-l10n-24.7.0-1.mga4 |
Mageia | 4 | noarch | nss | < 3.16.3-1 | nss-3.16.3-1.mga4 |
Mageia | 4 | noarch | rootcerts | < 20140703.00-1 | rootcerts-20140703.00-1.mga4 |
www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
www.mozilla.org/security/known-vulnerabilities/thunderbird.html
bugs.mageia.org/show_bug.cgi?id=13790
rhn.redhat.com/errata/RHSA-2014-0917.html
rhn.redhat.com/errata/RHSA-2014-0918.html
rhn.redhat.com/errata/RHSA-2014-0919.html
www.mozilla.org/security/announce/2014/mfsa2014-56.html
www.mozilla.org/security/announce/2014/mfsa2014-61.html
www.mozilla.org/security/announce/2014/mfsa2014-62.html
www.mozilla.org/security/announce/2014/mfsa2014-63.html
www.mozilla.org/security/announce/2014/mfsa2014-64.html