[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2014-1568Date: (C)2014-09-26   (M)2018-05-12


Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.5
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-61540
SECUNIA-61574
SECUNIA-61575
SECUNIA-61576
SECUNIA-61583
BID-70116
DSA-3033
DSA-3034
DSA-3037
GLSA-201504-01
RHSA-2014:1307
RHSA-2014:1354
RHSA-2014:1371
SUSE-SU-2014:1220
USN-2360-1
USN-2360-2
USN-2361-1
VU#772676
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
http://www.novell.com/support/kb/doc.php?id=7015701
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
mozilla-nss-cve20141568-sec-bypass(96194)
openSUSE-SU-2014:1224
openSUSE-SU-2014:1232

CPE    216
cpe:/a:mozilla:network_security_services:3.12.1
cpe:/a:mozilla:network_security_services:3.12.3
cpe:/a:mozilla:network_security_services:3.12.2
cpe:/a:mozilla:network_security_services:3.12.5
...
CWE    1
CWE-310
OVAL    29
oval:org.secpod.oval:def:702225
oval:org.secpod.oval:def:601786
oval:org.secpod.oval:def:601798
oval:org.secpod.oval:def:702230
...

© SecPod Technologies