[Forgot Password]
Login  Register Subscribe

23631

 
 

124008

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2014-1568

Date: (C)2014-09-26   (M)2017-11-18 


Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-61540
SECUNIA-61574
SECUNIA-61575
SECUNIA-61576
SECUNIA-61583
BID-70116
DSA-3033
DSA-3034
DSA-3037
GLSA-201504-01
RHSA-2014:1307
RHSA-2014:1354
RHSA-2014:1371
SUSE-SU-2014:1220
USN-2360-1
USN-2360-2
USN-2361-1
VU#772676
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
http://www.novell.com/support/kb/doc.php?id=7015701
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
mozilla-nss-cve20141568-sec-bypass(96194)
openSUSE-SU-2014:1224
openSUSE-SU-2014:1232

CPE    216
cpe:/a:mozilla:firefox:32.0
cpe:/a:mozilla:firefox_esr:31.0
cpe:/a:mozilla:thunderbird:31.0
cpe:/a:mozilla:firefox_esr:31.1.0
...
CWE    1
CWE-310
OVAL    29
oval:org.secpod.oval:def:1500836
oval:org.secpod.oval:def:107568
oval:org.secpod.oval:def:107659
oval:org.secpod.oval:def:107720
...

© 2013 SecPod Technologies