CVE-2014-1491

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-02-2014 06:44

Last modified: - 24-09-2022 05:58

Total changes: - 2

Description

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=934545
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
USN-2102-1-Third Party Advisory
DSA-2858-Third Party Advisory
SUSE-SU-2014:0248-Mailing List, Third Party Advisory
openSUSE-SU-2014:0213-Mailing List, Third Party Advisory
USN-2119-1-Third Party Advisory
openSUSE-SU-2014:0212-Mailing List, Third Party Advisory
USN-2102-2-Third Party Advisory
FEDORA-2014-2083-Third Party Advisory
FEDORA-2014-2041-Third Party Advisory
openSUSE-SU-2014:0419-Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities-Not Applicable
DSA-2994-Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
65332-Third Party Advisory, VDB Entry
GLSA-201504-01-Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
firefox-nss-cve20141491-unspecified(90886)-Third Party Advisory, VDB Entry
1029721-Third Party Advisory, VDB Entry
1029720-Third Party Advisory, VDB Entry
1029717-Third Party Advisory, VDB Entry
56922-Third Party Advisory
56888-Third Party Advisory
56858-Third Party Advisory
http://hg.mozilla.org/projects/nss/rev/12c42006aed8
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities-Not Applicable

Keywords

CVE-2014-1491

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-1491

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures