[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1491Date: (C)2014-02-11   (M)2024-03-27


Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1029717
SECTRACK-1029720
SECTRACK-1029721
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-56858
SECUNIA-56888
SECUNIA-56922
BID-65332
DSA-2858
DSA-2994
FEDORA-2014-2041
FEDORA-2014-2083
GLSA-201504-01
IAVM:2014-A-0021
SUSE-SU-2014:0248
USN-2102-1
USN-2102-2
USN-2119-1
firefox-nss-cve20141491-unspecified(90886)
http://hg.mozilla.org/projects/nss/rev/12c42006aed8
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://bugzilla.mozilla.org/show_bug.cgi?id=934545
openSUSE-SU-2014:0212
openSUSE-SU-2014:0213
openSUSE-SU-2014:0419

CPE    561
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:network_security_services:3.12.1
cpe:/a:mozilla:network_security_services:3.12.3
cpe:/a:mozilla:network_security_services:3.12.2
...
CWE    1
CWE-310
OVAL    16
oval:org.secpod.oval:def:1500654
oval:org.secpod.oval:def:601739
oval:org.secpod.oval:def:203361
oval:org.secpod.oval:def:16749
...

© SecPod Technologies