[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1544Date: (C)2014-07-28   (M)2024-03-27


Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1030617
SECUNIA-59591
SECUNIA-59719
SECUNIA-59760
SECUNIA-60083
SECUNIA-60486
SECUNIA-60621
SECUNIA-60628
BID-68816
DSA-2986
DSA-2996
GLSA-201504-01
IAVM:2014-A-0113
http://www.mozilla.org/security/announce/2014/mfsa2014-63.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=963150

CPE    71
cpe:/a:mozilla:network_security_services:3.12.1
cpe:/a:mozilla:network_security_services:3.12.3
cpe:/a:mozilla:network_security_services:3.12.2
cpe:/a:mozilla:network_security_services:3.12.5
...
OVAL    26
oval:org.secpod.oval:def:203362
oval:org.secpod.oval:def:203361
oval:org.secpod.oval:def:203364
oval:org.secpod.oval:def:20624
...

© SecPod Technologies