ID CVE-2014-1491
Summary Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
References
Vulnerable Configurations
  • Mozilla Network Security Services 3.2
    cpe:2.3:a:mozilla:network_security_services:3.2
  • Mozilla Network Security Services 3.2.1
    cpe:2.3:a:mozilla:network_security_services:3.2.1
  • Mozilla Network Security Services 3.3
    cpe:2.3:a:mozilla:network_security_services:3.3
  • Mozilla Network Security Services 3.3.1
    cpe:2.3:a:mozilla:network_security_services:3.3.1
  • Mozilla Network Security Services 3.3.2
    cpe:2.3:a:mozilla:network_security_services:3.3.2
  • Mozilla Network Security Services 3.4
    cpe:2.3:a:mozilla:network_security_services:3.4
  • Mozilla Network Security Services 3.4.1
    cpe:2.3:a:mozilla:network_security_services:3.4.1
  • Mozilla Network Security Services 3.4.2
    cpe:2.3:a:mozilla:network_security_services:3.4.2
  • Mozilla Network Security Services 3.5
    cpe:2.3:a:mozilla:network_security_services:3.5
  • Mozilla Network Security Services 3.6
    cpe:2.3:a:mozilla:network_security_services:3.6
  • Mozilla Network Security Services 3.6.1
    cpe:2.3:a:mozilla:network_security_services:3.6.1
  • Mozilla Network Security Services 3.7
    cpe:2.3:a:mozilla:network_security_services:3.7
  • Mozilla Network Security Services 3.7.1
    cpe:2.3:a:mozilla:network_security_services:3.7.1
  • Mozilla Network Security Services 3.7.2
    cpe:2.3:a:mozilla:network_security_services:3.7.2
  • Mozilla Network Security Services 3.7.3
    cpe:2.3:a:mozilla:network_security_services:3.7.3
  • Mozilla Network Security Services 3.7.5
    cpe:2.3:a:mozilla:network_security_services:3.7.5
  • Mozilla Network Security Services 3.7.7
    cpe:2.3:a:mozilla:network_security_services:3.7.7
  • Mozilla Network Security Services 3.8
    cpe:2.3:a:mozilla:network_security_services:3.8
  • Mozilla Network Security Services 3.9
    cpe:2.3:a:mozilla:network_security_services:3.9
  • Mozilla Network Security Services 3.11.2
    cpe:2.3:a:mozilla:network_security_services:3.11.2
  • Mozilla Network Security Services 3.11.3
    cpe:2.3:a:mozilla:network_security_services:3.11.3
  • Mozilla Network Security Services 3.11.4
    cpe:2.3:a:mozilla:network_security_services:3.11.4
  • Mozilla Network Security Services 3.11.5
    cpe:2.3:a:mozilla:network_security_services:3.11.5
  • Mozilla Network Security Services 3.12
    cpe:2.3:a:mozilla:network_security_services:3.12
  • Mozilla Network Security Services 3.12.1
    cpe:2.3:a:mozilla:network_security_services:3.12.1
  • Mozilla Network Security Services 3.12.2
    cpe:2.3:a:mozilla:network_security_services:3.12.2
  • Mozilla Network Security Services 3.12.3
    cpe:2.3:a:mozilla:network_security_services:3.12.3
  • Mozilla Network Security Services 3.12.3.1
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  • Mozilla Network Security Services 3.12.3.2
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  • Mozilla Network Security Services 3.12.4
    cpe:2.3:a:mozilla:network_security_services:3.12.4
  • Mozilla Network Security Services 3.12.5
    cpe:2.3:a:mozilla:network_security_services:3.12.5
  • Mozilla Network Security Services 3.12.6
    cpe:2.3:a:mozilla:network_security_services:3.12.6
  • Mozilla Network Security Services 3.12.7
    cpe:2.3:a:mozilla:network_security_services:3.12.7
  • Mozilla Network Security Services 3.12.8
    cpe:2.3:a:mozilla:network_security_services:3.12.8
  • Mozilla Network Security Services 3.12.9
    cpe:2.3:a:mozilla:network_security_services:3.12.9
  • Mozilla Network Security Services 3.12.10
    cpe:2.3:a:mozilla:network_security_services:3.12.10
  • Mozilla Network Security Services 3.12.11
    cpe:2.3:a:mozilla:network_security_services:3.12.11
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.14.5
    cpe:2.3:a:mozilla:network_security_services:3.14.5
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
  • Mozilla Network Security Services 3.15.3
    cpe:2.3:a:mozilla:network_security_services:3.15.3
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 2.1
    cpe:2.3:a:mozilla:seamonkey:2.1
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.1:beta1
  • Mozilla SeaMonkey 2.1 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.1:beta2
  • Mozilla SeaMonkey 2.1 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.1:beta3
  • Mozilla SeaMonkey 2.1 Release Candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.1:rc1
  • Mozilla SeaMonkey 2.1 Release Candidate 2
    cpe:2.3:a:mozilla:seamonkey:2.1:rc2
  • Mozilla SeaMonkey 2.2
    cpe:2.3:a:mozilla:seamonkey:2.2
  • Mozilla SeaMonkey 2.2 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.2:beta1
  • Mozilla SeaMonkey 2.2 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.2:beta2
  • Mozilla SeaMonkey 2.2 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.2:beta3
  • Mozilla SeaMonkey 2.3
    cpe:2.3:a:mozilla:seamonkey:2.3
  • Mozilla SeaMonkey 2.3 Beta1
    cpe:2.3:a:mozilla:seamonkey:2.3:beta1
  • Mozilla SeaMonkey 2.3 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.3:beta2
  • Mozilla SeaMonkey 2.3 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.3:beta3
  • Mozilla SeaMonkey 2.3.1
    cpe:2.3:a:mozilla:seamonkey:2.3.1
  • Mozilla SeaMonkey 2.3.2
    cpe:2.3:a:mozilla:seamonkey:2.3.2
  • Mozilla SeaMonkey 2.3.3
    cpe:2.3:a:mozilla:seamonkey:2.3.3
  • Mozilla SeaMonkey 2.4
    cpe:2.3:a:mozilla:seamonkey:2.4
  • Mozilla SeaMonkey 2.4 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.4:beta1
  • Mozilla SeaMonkey 2.4 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.4:beta2
  • Mozilla SeaMonkey 2.4 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.4:beta3
  • Mozilla SeaMonkey 2.4.1
    cpe:2.3:a:mozilla:seamonkey:2.4.1
  • Mozilla SeaMonkey 2.5
    cpe:2.3:a:mozilla:seamonkey:2.5
  • Mozilla SeaMonkey 2.5 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.5:beta1
  • Mozilla SeaMonkey 2.5 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.5:beta2
  • Mozilla SeaMonkey 2.5 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.5:beta3
  • Mozilla SeaMonkey 2.5 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.5:beta4
  • Mozilla SeaMonkey 2.6
    cpe:2.3:a:mozilla:seamonkey:2.6
  • Mozilla SeaMonkey 2.6 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.6:beta1
  • Mozilla SeaMonkey 2.6 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.6:beta2
  • Mozilla SeaMonkey 2.6 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.6:beta3
  • Mozilla SeaMonkey 2.6 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.6:beta4
  • Mozilla SeaMonkey 2.6.1
    cpe:2.3:a:mozilla:seamonkey:2.6.1
  • Mozilla SeaMonkey 2.7
    cpe:2.3:a:mozilla:seamonkey:2.7
  • Mozilla SeaMonkey 2.7 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.7:beta1
  • Mozilla SeaMonkey 2.7 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.7:beta2
  • Mozilla SeaMonkey 2.7 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.7:beta3
  • Mozilla SeaMonkey 2.7 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.7:beta4
  • Mozilla SeaMonkey 2.7 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.7:beta5
  • Mozilla SeaMonkey 2.7.1
    cpe:2.3:a:mozilla:seamonkey:2.7.1
  • Mozilla SeaMonkey 2.7.2
    cpe:2.3:a:mozilla:seamonkey:2.7.2
  • Mozilla SeaMonkey 2.8
    cpe:2.3:a:mozilla:seamonkey:2.8
  • Mozilla SeaMonkey 2.8 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.8:beta1
  • Mozilla SeaMonkey 2.8 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.8:beta2
  • Mozilla SeaMonkey 2.8 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.8:beta3
  • Mozilla SeaMonkey 2.8 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.8:beta4
  • Mozilla SeaMonkey 2.8 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.8:beta5
  • Mozilla SeaMonkey 2.8 Beta 6
    cpe:2.3:a:mozilla:seamonkey:2.8:beta6
  • Mozilla SeaMonkey 2.9
    cpe:2.3:a:mozilla:seamonkey:2.9
  • Mozilla SeaMonkey 2.9 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.9:beta1
  • Mozilla SeaMonkey 2.9 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.9:beta2
  • Mozilla SeaMonkey 2.9 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.9:beta3
  • Mozilla SeaMonkey 2.9 beta4
    cpe:2.3:a:mozilla:seamonkey:2.9:beta4
  • Mozilla SeaMonkey 2.9.1
    cpe:2.3:a:mozilla:seamonkey:2.9.1
  • Mozilla SeaMonkey 2.10
    cpe:2.3:a:mozilla:seamonkey:2.10
  • Mozilla SeaMonkey 2.10 beta1
    cpe:2.3:a:mozilla:seamonkey:2.10:beta1
  • Mozilla SeaMonkey 2.10 beta2
    cpe:2.3:a:mozilla:seamonkey:2.10:beta2
  • Mozilla SeaMonkey 2.10 beta3
    cpe:2.3:a:mozilla:seamonkey:2.10:beta3
  • Mozilla SeaMonkey 2.10.1
    cpe:2.3:a:mozilla:seamonkey:2.10.1
  • Mozilla SeaMonkey 2.11
    cpe:2.3:a:mozilla:seamonkey:2.11
  • Mozilla SeaMonkey 2.11 beta1
    cpe:2.3:a:mozilla:seamonkey:2.11:beta1
  • Mozilla SeaMonkey 2.11 beta2
    cpe:2.3:a:mozilla:seamonkey:2.11:beta2
  • Mozilla SeaMonkey 2.11 beta3
    cpe:2.3:a:mozilla:seamonkey:2.11:beta3
  • Mozilla SeaMonkey 2.11 beta4
    cpe:2.3:a:mozilla:seamonkey:2.11:beta4
  • Mozilla SeaMonkey 2.11 beta5
    cpe:2.3:a:mozilla:seamonkey:2.11:beta5
  • Mozilla SeaMonkey 2.11 beta6
    cpe:2.3:a:mozilla:seamonkey:2.11:beta6
  • Mozilla SeaMonkey 2.12
    cpe:2.3:a:mozilla:seamonkey:2.12
  • Mozilla SeaMonkey 2.12 beta1
    cpe:2.3:a:mozilla:seamonkey:2.12:beta1
  • Mozilla SeaMonkey 2.12 beta2
    cpe:2.3:a:mozilla:seamonkey:2.12:beta2
  • Mozilla SeaMonkey 2.12 beta3
    cpe:2.3:a:mozilla:seamonkey:2.12:beta3
  • Mozilla SeaMonkey 2.12 beta4
    cpe:2.3:a:mozilla:seamonkey:2.12:beta4
  • Mozilla SeaMonkey 2.12 beta5
    cpe:2.3:a:mozilla:seamonkey:2.12:beta5
  • Mozilla SeaMonkey 2.12 beta6
    cpe:2.3:a:mozilla:seamonkey:2.12:beta6
  • Mozilla SeaMonkey 2.12.1
    cpe:2.3:a:mozilla:seamonkey:2.12.1
  • Mozilla SeaMonkey 2.13
    cpe:2.3:a:mozilla:seamonkey:2.13
  • Mozilla SeaMonkey 2.13 beta1
    cpe:2.3:a:mozilla:seamonkey:2.13:beta1
  • Mozilla SeaMonkey 2.13 beta2
    cpe:2.3:a:mozilla:seamonkey:2.13:beta2
  • Mozilla SeaMonkey 2.13 beta3
    cpe:2.3:a:mozilla:seamonkey:2.13:beta3
  • Mozilla SeaMonkey 2.13 beta4
    cpe:2.3:a:mozilla:seamonkey:2.13:beta4
  • Mozilla SeaMonkey 2.13 beta5
    cpe:2.3:a:mozilla:seamonkey:2.13:beta5
  • Mozilla SeaMonkey 2.13 beta6
    cpe:2.3:a:mozilla:seamonkey:2.13:beta6
  • Mozilla SeaMonkey 2.13.1
    cpe:2.3:a:mozilla:seamonkey:2.13.1
  • Mozilla Seamonkey 2.13.2
    cpe:2.3:a:mozilla:seamonkey:2.13.2
  • Mozilla Seamonkey 2.14
    cpe:2.3:a:mozilla:seamonkey:2.14
  • Mozilla Seamonkey 2.14 beta1
    cpe:2.3:a:mozilla:seamonkey:2.14:beta1
  • Mozilla Seamonkey 2.14 beta2
    cpe:2.3:a:mozilla:seamonkey:2.14:beta2
  • Mozilla Seamonkey 2.14 beta3
    cpe:2.3:a:mozilla:seamonkey:2.14:beta3
  • Mozilla Seamonkey 2.14 beta4
    cpe:2.3:a:mozilla:seamonkey:2.14:beta4
  • Mozilla Seamonkey 2.14 beta5
    cpe:2.3:a:mozilla:seamonkey:2.14:beta5
  • Mozilla Seamonkey 2.15
    cpe:2.3:a:mozilla:seamonkey:2.15
  • Mozilla Seamonkey 2.15 beta1
    cpe:2.3:a:mozilla:seamonkey:2.15:beta1
  • Mozilla Seamonkey 2.15 beta2
    cpe:2.3:a:mozilla:seamonkey:2.15:beta2
  • Mozilla Seamonkey 2.15 beta3
    cpe:2.3:a:mozilla:seamonkey:2.15:beta3
  • Mozilla Seamonkey 2.15 beta4
    cpe:2.3:a:mozilla:seamonkey:2.15:beta4
  • Mozilla Seamonkey 2.15 beta5
    cpe:2.3:a:mozilla:seamonkey:2.15:beta5
  • Mozilla Seamonkey 2.15 beta6
    cpe:2.3:a:mozilla:seamonkey:2.15:beta6
  • Mozilla Seamonkey 2.15.1
    cpe:2.3:a:mozilla:seamonkey:2.15.1
  • Mozilla Seamonkey 2.15.2
    cpe:2.3:a:mozilla:seamonkey:2.15.2
  • Mozilla Seamonkey 2.16
    cpe:2.3:a:mozilla:seamonkey:2.16
  • Mozilla Seamonkey 2.16 beta1
    cpe:2.3:a:mozilla:seamonkey:2.16:beta1
  • Mozilla Seamonkey 2.16 beta2
    cpe:2.3:a:mozilla:seamonkey:2.16:beta2
  • Mozilla Seamonkey 2.16 beta3
    cpe:2.3:a:mozilla:seamonkey:2.16:beta3
  • Mozilla Seamonkey 2.16 beta4
    cpe:2.3:a:mozilla:seamonkey:2.16:beta4
  • Mozilla Seamonkey 2.16 beta5
    cpe:2.3:a:mozilla:seamonkey:2.16:beta5
  • Mozilla Seamonkey 2.16.1
    cpe:2.3:a:mozilla:seamonkey:2.16.1
  • Mozilla Seamonkey 2.16.2
    cpe:2.3:a:mozilla:seamonkey:2.16.2
  • Mozilla Seamonkey 2.17
    cpe:2.3:a:mozilla:seamonkey:2.17
  • Mozilla Seamonkey 2.17 beta1
    cpe:2.3:a:mozilla:seamonkey:2.17:beta1
  • Mozilla Seamonkey 2.17 beta2
    cpe:2.3:a:mozilla:seamonkey:2.17:beta2
  • Mozilla Seamonkey 2.17 beta3
    cpe:2.3:a:mozilla:seamonkey:2.17:beta3
  • Mozilla Seamonkey 2.17 beta4
    cpe:2.3:a:mozilla:seamonkey:2.17:beta4
  • Mozilla SeaMonkey 2.17.1
    cpe:2.3:a:mozilla:seamonkey:2.17.1
  • Mozilla SeaMonkey 2.18 beta1
    cpe:2.3:a:mozilla:seamonkey:2.18:beta1
  • Mozilla SeaMonkey 2.18 beta2
    cpe:2.3:a:mozilla:seamonkey:2.18:beta2
  • Mozilla SeaMonkey 2.18 beta3
    cpe:2.3:a:mozilla:seamonkey:2.18:beta3
  • Mozilla SeaMonkey 2.18 beta4
    cpe:2.3:a:mozilla:seamonkey:2.18:beta4
  • Mozilla SeaMonkey 2.19
    cpe:2.3:a:mozilla:seamonkey:2.19
  • Mozilla SeaMonkey 2.19 beta1
    cpe:2.3:a:mozilla:seamonkey:2.19:beta1
  • Mozilla SeaMonkey 2.19 beta2
    cpe:2.3:a:mozilla:seamonkey:2.19:beta2
  • Mozilla SeaMonkey 2.20
    cpe:2.3:a:mozilla:seamonkey:2.20
  • Mozilla SeaMonkey 2.20 beta1
    cpe:2.3:a:mozilla:seamonkey:2.20:beta1
  • Mozilla SeaMonkey 2.20 beta2
    cpe:2.3:a:mozilla:seamonkey:2.20:beta2
  • Mozilla SeaMonkey 2.20 beta3
    cpe:2.3:a:mozilla:seamonkey:2.20:beta3
  • cpe:2.3:a:mozilla:seamonkey:2.21
    cpe:2.3:a:mozilla:seamonkey:2.21
  • Mozilla SeaMonkey 2.21 beta1
    cpe:2.3:a:mozilla:seamonkey:2.21:beta1
  • Mozilla SeaMonkey 2.21 beta2
    cpe:2.3:a:mozilla:seamonkey:2.21:beta2
  • cpe:2.3:a:mozilla:seamonkey:2.22
    cpe:2.3:a:mozilla:seamonkey:2.22
  • Mozilla SeaMonkey 2.22 beta1
    cpe:2.3:a:mozilla:seamonkey:2.22:beta1
  • Mozilla SeaMonkey 2.22 beta2
    cpe:2.3:a:mozilla:seamonkey:2.22:beta2
  • Mozilla SeaMonkey 2.22.1
    cpe:2.3:a:mozilla:seamonkey:2.22.1
  • Mozilla SeaMonkey 2.23
    cpe:2.3:a:mozilla:seamonkey:2.23
  • Mozilla SeaMonkey 2.23 beta1
    cpe:2.3:a:mozilla:seamonkey:2.23:beta1
  • Mozilla Seamonkey 2.23 beta2
    cpe:2.3:a:mozilla:seamonkey:2.23:beta2
  • Mozilla SeaMonkey 2.24 beta1
    cpe:2.3:a:mozilla:seamonkey:2.24:beta1
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.0.18
    cpe:2.3:a:mozilla:firefox:3.0.18
  • Mozilla Firefox 3.0.19
    cpe:2.3:a:mozilla:firefox:3.0.19
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.5.16
    cpe:2.3:a:mozilla:firefox:3.5.16
  • Mozilla Firefox 3.5.17
    cpe:2.3:a:mozilla:firefox:3.5.17
  • Mozilla Firefox 3.5.18
    cpe:2.3:a:mozilla:firefox:3.5.18
  • Mozilla Firefox 3.5.19
    cpe:2.3:a:mozilla:firefox:3.5.19
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.26
    cpe:2.3:a:mozilla:firefox:3.6.26
  • Mozilla Firefox 3.6.27
    cpe:2.3:a:mozilla:firefox:3.6.27
  • Mozilla Firefox 3.6.28
    cpe:2.3:a:mozilla:firefox:3.6.28
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.3
    cpe:2.3:a:mozilla:firefox:10.0.3
  • Mozilla Firefox 10.0.4
    cpe:2.3:a:mozilla:firefox:10.0.4
  • Mozilla Firefox 10.0.5
    cpe:2.3:a:mozilla:firefox:10.0.5
  • Mozilla Firefox 10.0.6
    cpe:2.3:a:mozilla:firefox:10.0.6
  • Mozilla Firefox 10.0.7
    cpe:2.3:a:mozilla:firefox:10.0.7
  • Mozilla Firefox 10.0.8
    cpe:2.3:a:mozilla:firefox:10.0.8
  • Mozilla Firefox 10.0.9
    cpe:2.3:a:mozilla:firefox:10.0.9
  • Mozilla Firefox 10.0.10
    cpe:2.3:a:mozilla:firefox:10.0.10
  • Mozilla Firefox 10.0.11
    cpe:2.3:a:mozilla:firefox:10.0.11
  • Mozilla Firefox 10.0.12
    cpe:2.3:a:mozilla:firefox:10.0.12
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox 16.0.1
    cpe:2.3:a:mozilla:firefox:16.0.1
  • Mozilla Firefox 16.0.2
    cpe:2.3:a:mozilla:firefox:16.0.2
  • Mozilla Firefox 17.0.2
    cpe:2.3:a:mozilla:firefox:17.0.2
  • Mozilla Firefox 17.0.3
    cpe:2.3:a:mozilla:firefox:17.0.3
  • Mozilla Firefox 17.0.4
    cpe:2.3:a:mozilla:firefox:17.0.4
  • Mozilla Firefox 17.0.5
    cpe:2.3:a:mozilla:firefox:17.0.5
  • Mozilla Firefox 17.0.6
    cpe:2.3:a:mozilla:firefox:17.0.6
  • Mozilla Firefox 17.0.7
    cpe:2.3:a:mozilla:firefox:17.0.7
  • Mozilla Firefox 17.0.8
    cpe:2.3:a:mozilla:firefox:17.0.8
  • Mozilla Firefox 17.0.9
    cpe:2.3:a:mozilla:firefox:17.0.9
  • Mozilla Firefox 17.0.10
    cpe:2.3:a:mozilla:firefox:17.0.10
  • Mozilla Firefox 17.0.11
    cpe:2.3:a:mozilla:firefox:17.0.11
  • Mozilla Firefox 18.0
    cpe:2.3:a:mozilla:firefox:18.0
  • Mozilla Firefox 18.0.1
    cpe:2.3:a:mozilla:firefox:18.0.1
  • Mozilla Firefox 18.0.2
    cpe:2.3:a:mozilla:firefox:18.0.2
  • Mozilla Firefox 19.0
    cpe:2.3:a:mozilla:firefox:19.0
  • Mozilla Firefox 19.0.1
    cpe:2.3:a:mozilla:firefox:19.0.1
  • Mozilla Firefox 19.0.2
    cpe:2.3:a:mozilla:firefox:19.0.2
  • Mozilla Firefox 20.0
    cpe:2.3:a:mozilla:firefox:20.0
  • Mozilla Firefox 20.0.1
    cpe:2.3:a:mozilla:firefox:20.0.1
  • Mozilla Firefox 21.0
    cpe:2.3:a:mozilla:firefox:21.0
  • Mozilla Firefox 23.0
    cpe:2.3:a:mozilla:firefox:23.0
  • Mozilla Firefox 23.0.1
    cpe:2.3:a:mozilla:firefox:23.0.1
  • Mozilla Firefox 24.0
    cpe:2.3:a:mozilla:firefox:24.0
  • Mozilla Firefox 24.1
    cpe:2.3:a:mozilla:firefox:24.1
  • Mozilla Firefox 24.1.1
    cpe:2.3:a:mozilla:firefox:24.1.1
  • Mozilla Firefox 25.0
    cpe:2.3:a:mozilla:firefox:25.0
  • Mozilla Firefox 25.0.1
    cpe:2.3:a:mozilla:firefox:25.0.1
  • Mozilla Firefox 26.0
    cpe:2.3:a:mozilla:firefox:26.0
  • Mozilla Network Security Services 3.2
    cpe:2.3:a:mozilla:network_security_services:3.2
  • Mozilla Network Security Services 3.2.1
    cpe:2.3:a:mozilla:network_security_services:3.2.1
  • Mozilla Network Security Services 3.3
    cpe:2.3:a:mozilla:network_security_services:3.3
  • Mozilla Network Security Services 3.3.1
    cpe:2.3:a:mozilla:network_security_services:3.3.1
  • Mozilla Network Security Services 3.3.2
    cpe:2.3:a:mozilla:network_security_services:3.3.2
  • Mozilla Network Security Services 3.4
    cpe:2.3:a:mozilla:network_security_services:3.4
  • Mozilla Network Security Services 3.4.1
    cpe:2.3:a:mozilla:network_security_services:3.4.1
  • Mozilla Network Security Services 3.4.2
    cpe:2.3:a:mozilla:network_security_services:3.4.2
  • Mozilla Network Security Services 3.5
    cpe:2.3:a:mozilla:network_security_services:3.5
  • Mozilla Network Security Services 3.6
    cpe:2.3:a:mozilla:network_security_services:3.6
  • Mozilla Network Security Services 3.6.1
    cpe:2.3:a:mozilla:network_security_services:3.6.1
  • Mozilla Network Security Services 3.7
    cpe:2.3:a:mozilla:network_security_services:3.7
  • Mozilla Network Security Services 3.7.1
    cpe:2.3:a:mozilla:network_security_services:3.7.1
  • Mozilla Network Security Services 3.7.2
    cpe:2.3:a:mozilla:network_security_services:3.7.2
  • Mozilla Network Security Services 3.7.3
    cpe:2.3:a:mozilla:network_security_services:3.7.3
  • Mozilla Network Security Services 3.7.5
    cpe:2.3:a:mozilla:network_security_services:3.7.5
  • Mozilla Network Security Services 3.7.7
    cpe:2.3:a:mozilla:network_security_services:3.7.7
  • Mozilla Network Security Services 3.8
    cpe:2.3:a:mozilla:network_security_services:3.8
  • Mozilla Network Security Services 3.9
    cpe:2.3:a:mozilla:network_security_services:3.9
  • Mozilla Network Security Services 3.11.2
    cpe:2.3:a:mozilla:network_security_services:3.11.2
  • Mozilla Network Security Services 3.11.3
    cpe:2.3:a:mozilla:network_security_services:3.11.3
  • Mozilla Network Security Services 3.11.4
    cpe:2.3:a:mozilla:network_security_services:3.11.4
  • Mozilla Network Security Services 3.11.5
    cpe:2.3:a:mozilla:network_security_services:3.11.5
  • Mozilla Network Security Services 3.12
    cpe:2.3:a:mozilla:network_security_services:3.12
  • Mozilla Network Security Services 3.12.1
    cpe:2.3:a:mozilla:network_security_services:3.12.1
  • Mozilla Network Security Services 3.12.2
    cpe:2.3:a:mozilla:network_security_services:3.12.2
  • Mozilla Network Security Services 3.12.3
    cpe:2.3:a:mozilla:network_security_services:3.12.3
  • Mozilla Network Security Services 3.12.3.1
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  • Mozilla Network Security Services 3.12.3.2
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  • Mozilla Network Security Services 3.12.4
    cpe:2.3:a:mozilla:network_security_services:3.12.4
  • Mozilla Network Security Services 3.12.5
    cpe:2.3:a:mozilla:network_security_services:3.12.5
  • Mozilla Network Security Services 3.12.6
    cpe:2.3:a:mozilla:network_security_services:3.12.6
  • Mozilla Network Security Services 3.12.7
    cpe:2.3:a:mozilla:network_security_services:3.12.7
  • Mozilla Network Security Services 3.12.8
    cpe:2.3:a:mozilla:network_security_services:3.12.8
  • Mozilla Network Security Services 3.12.9
    cpe:2.3:a:mozilla:network_security_services:3.12.9
  • Mozilla Network Security Services 3.12.10
    cpe:2.3:a:mozilla:network_security_services:3.12.10
  • Mozilla Network Security Services 3.12.11
    cpe:2.3:a:mozilla:network_security_services:3.12.11
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.14.5
    cpe:2.3:a:mozilla:network_security_services:3.14.5
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
  • Mozilla Network Security Services 3.15.3
    cpe:2.3:a:mozilla:network_security_services:3.15.3
  • Mozilla Firefox Extended Support Release (ESR) 24.0
    cpe:2.3:a:mozilla:firefox_esr:24.0
  • Mozilla Firefox Extended Support Release (ESR) 24.0.1
    cpe:2.3:a:mozilla:firefox_esr:24.0.1
  • Mozilla Firefox Extended Support Release (ESR) 24.0.2
    cpe:2.3:a:mozilla:firefox_esr:24.0.2
  • Mozilla Firefox Extended Support Release (ESR) 24.1.0
    cpe:2.3:a:mozilla:firefox_esr:24.1.0
  • Mozilla Firefox Extended Support Release (ESR) 24.1.1
    cpe:2.3:a:mozilla:firefox_esr:24.1.1
  • Mozilla Firefox Extended Support Release (ESR) 24.2
    cpe:2.3:a:mozilla:firefox_esr:24.2
  • Mozilla Network Security Services 3.2
    cpe:2.3:a:mozilla:network_security_services:3.2
  • Mozilla Network Security Services 3.2.1
    cpe:2.3:a:mozilla:network_security_services:3.2.1
  • Mozilla Network Security Services 3.3
    cpe:2.3:a:mozilla:network_security_services:3.3
  • Mozilla Network Security Services 3.3.1
    cpe:2.3:a:mozilla:network_security_services:3.3.1
  • Mozilla Network Security Services 3.3.2
    cpe:2.3:a:mozilla:network_security_services:3.3.2
  • Mozilla Network Security Services 3.4
    cpe:2.3:a:mozilla:network_security_services:3.4
  • Mozilla Network Security Services 3.4.1
    cpe:2.3:a:mozilla:network_security_services:3.4.1
  • Mozilla Network Security Services 3.4.2
    cpe:2.3:a:mozilla:network_security_services:3.4.2
  • Mozilla Network Security Services 3.5
    cpe:2.3:a:mozilla:network_security_services:3.5
  • Mozilla Network Security Services 3.6
    cpe:2.3:a:mozilla:network_security_services:3.6
  • Mozilla Network Security Services 3.6.1
    cpe:2.3:a:mozilla:network_security_services:3.6.1
  • Mozilla Network Security Services 3.7
    cpe:2.3:a:mozilla:network_security_services:3.7
  • Mozilla Network Security Services 3.7.1
    cpe:2.3:a:mozilla:network_security_services:3.7.1
  • Mozilla Network Security Services 3.7.2
    cpe:2.3:a:mozilla:network_security_services:3.7.2
  • Mozilla Network Security Services 3.7.3
    cpe:2.3:a:mozilla:network_security_services:3.7.3
  • Mozilla Network Security Services 3.7.5
    cpe:2.3:a:mozilla:network_security_services:3.7.5
  • Mozilla Network Security Services 3.7.7
    cpe:2.3:a:mozilla:network_security_services:3.7.7
  • Mozilla Network Security Services 3.8
    cpe:2.3:a:mozilla:network_security_services:3.8
  • Mozilla Network Security Services 3.9
    cpe:2.3:a:mozilla:network_security_services:3.9
  • Mozilla Network Security Services 3.11.2
    cpe:2.3:a:mozilla:network_security_services:3.11.2
  • Mozilla Network Security Services 3.11.3
    cpe:2.3:a:mozilla:network_security_services:3.11.3
  • Mozilla Network Security Services 3.11.4
    cpe:2.3:a:mozilla:network_security_services:3.11.4
  • Mozilla Network Security Services 3.11.5
    cpe:2.3:a:mozilla:network_security_services:3.11.5
  • Mozilla Network Security Services 3.12
    cpe:2.3:a:mozilla:network_security_services:3.12
  • Mozilla Network Security Services 3.12.1
    cpe:2.3:a:mozilla:network_security_services:3.12.1
  • Mozilla Network Security Services 3.12.2
    cpe:2.3:a:mozilla:network_security_services:3.12.2
  • Mozilla Network Security Services 3.12.3
    cpe:2.3:a:mozilla:network_security_services:3.12.3
  • Mozilla Network Security Services 3.12.3.1
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  • Mozilla Network Security Services 3.12.3.2
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  • Mozilla Network Security Services 3.12.4
    cpe:2.3:a:mozilla:network_security_services:3.12.4
  • Mozilla Network Security Services 3.12.5
    cpe:2.3:a:mozilla:network_security_services:3.12.5
  • Mozilla Network Security Services 3.12.6
    cpe:2.3:a:mozilla:network_security_services:3.12.6
  • Mozilla Network Security Services 3.12.7
    cpe:2.3:a:mozilla:network_security_services:3.12.7
  • Mozilla Network Security Services 3.12.8
    cpe:2.3:a:mozilla:network_security_services:3.12.8
  • Mozilla Network Security Services 3.12.9
    cpe:2.3:a:mozilla:network_security_services:3.12.9
  • Mozilla Network Security Services 3.12.10
    cpe:2.3:a:mozilla:network_security_services:3.12.10
  • Mozilla Network Security Services 3.12.11
    cpe:2.3:a:mozilla:network_security_services:3.12.11
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.14.5
    cpe:2.3:a:mozilla:network_security_services:3.14.5
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
  • Mozilla Network Security Services 3.15.3
    cpe:2.3:a:mozilla:network_security_services:3.15.3
  • Mozilla Network Security Services 3.2
    cpe:2.3:a:mozilla:network_security_services:3.2
  • Mozilla Network Security Services 3.2.1
    cpe:2.3:a:mozilla:network_security_services:3.2.1
  • Mozilla Network Security Services 3.3
    cpe:2.3:a:mozilla:network_security_services:3.3
  • Mozilla Network Security Services 3.3.1
    cpe:2.3:a:mozilla:network_security_services:3.3.1
  • Mozilla Network Security Services 3.3.2
    cpe:2.3:a:mozilla:network_security_services:3.3.2
  • Mozilla Network Security Services 3.4
    cpe:2.3:a:mozilla:network_security_services:3.4
  • Mozilla Network Security Services 3.4.1
    cpe:2.3:a:mozilla:network_security_services:3.4.1
  • Mozilla Network Security Services 3.4.2
    cpe:2.3:a:mozilla:network_security_services:3.4.2
  • Mozilla Network Security Services 3.5
    cpe:2.3:a:mozilla:network_security_services:3.5
  • Mozilla Network Security Services 3.6
    cpe:2.3:a:mozilla:network_security_services:3.6
  • Mozilla Network Security Services 3.6.1
    cpe:2.3:a:mozilla:network_security_services:3.6.1
  • Mozilla Network Security Services 3.7
    cpe:2.3:a:mozilla:network_security_services:3.7
  • Mozilla Network Security Services 3.7.1
    cpe:2.3:a:mozilla:network_security_services:3.7.1
  • Mozilla Network Security Services 3.7.2
    cpe:2.3:a:mozilla:network_security_services:3.7.2
  • Mozilla Network Security Services 3.7.3
    cpe:2.3:a:mozilla:network_security_services:3.7.3
  • Mozilla Network Security Services 3.7.5
    cpe:2.3:a:mozilla:network_security_services:3.7.5
  • Mozilla Network Security Services 3.7.7
    cpe:2.3:a:mozilla:network_security_services:3.7.7
  • Mozilla Network Security Services 3.8
    cpe:2.3:a:mozilla:network_security_services:3.8
  • Mozilla Network Security Services 3.9
    cpe:2.3:a:mozilla:network_security_services:3.9
  • Mozilla Network Security Services 3.11.2
    cpe:2.3:a:mozilla:network_security_services:3.11.2
  • Mozilla Network Security Services 3.11.3
    cpe:2.3:a:mozilla:network_security_services:3.11.3
  • Mozilla Network Security Services 3.11.4
    cpe:2.3:a:mozilla:network_security_services:3.11.4
  • Mozilla Network Security Services 3.11.5
    cpe:2.3:a:mozilla:network_security_services:3.11.5
  • Mozilla Network Security Services 3.12
    cpe:2.3:a:mozilla:network_security_services:3.12
  • Mozilla Network Security Services 3.12.1
    cpe:2.3:a:mozilla:network_security_services:3.12.1
  • Mozilla Network Security Services 3.12.2
    cpe:2.3:a:mozilla:network_security_services:3.12.2
  • Mozilla Network Security Services 3.12.3
    cpe:2.3:a:mozilla:network_security_services:3.12.3
  • Mozilla Network Security Services 3.12.3.1
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  • Mozilla Network Security Services 3.12.3.2
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  • Mozilla Network Security Services 3.12.4
    cpe:2.3:a:mozilla:network_security_services:3.12.4
  • Mozilla Network Security Services 3.12.5
    cpe:2.3:a:mozilla:network_security_services:3.12.5
  • Mozilla Network Security Services 3.12.6
    cpe:2.3:a:mozilla:network_security_services:3.12.6
  • Mozilla Network Security Services 3.12.7
    cpe:2.3:a:mozilla:network_security_services:3.12.7
  • Mozilla Network Security Services 3.12.8
    cpe:2.3:a:mozilla:network_security_services:3.12.8
  • Mozilla Network Security Services 3.12.9
    cpe:2.3:a:mozilla:network_security_services:3.12.9
  • Mozilla Network Security Services 3.12.10
    cpe:2.3:a:mozilla:network_security_services:3.12.10
  • Mozilla Network Security Services 3.12.11
    cpe:2.3:a:mozilla:network_security_services:3.12.11
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.14.5
    cpe:2.3:a:mozilla:network_security_services:3.14.5
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
  • Mozilla Network Security Services 3.15.3
    cpe:2.3:a:mozilla:network_security_services:3.15.3
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird 16.0.1
    cpe:2.3:a:mozilla:thunderbird:16.0.1
  • Mozilla Thunderbird 16.0.2
    cpe:2.3:a:mozilla:thunderbird:16.0.2
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0.1
    cpe:2.3:a:mozilla:thunderbird:17.0.1
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird 17.0.3
    cpe:2.3:a:mozilla:thunderbird:17.0.3
  • Mozilla Thunderbird 17.0.4
    cpe:2.3:a:mozilla:thunderbird:17.0.4
  • Mozilla Thunderbird 17.0.5
    cpe:2.3:a:mozilla:thunderbird:17.0.5
  • Mozilla Thunderbird 17.0.6
    cpe:2.3:a:mozilla:thunderbird:17.0.6
  • Mozilla Thunderbird 17.0.7
    cpe:2.3:a:mozilla:thunderbird:17.0.7
  • Mozilla Thunderbird 17.0.8
    cpe:2.3:a:mozilla:thunderbird:17.0.8
  • Mozilla Thunderbird 24.0
    cpe:2.3:a:mozilla:thunderbird:24.0
  • Mozilla Thunderbird 24.0.1
    cpe:2.3:a:mozilla:thunderbird:24.0.1
  • Mozilla Thunderbird 24.1
    cpe:2.3:a:mozilla:thunderbird:24.1
  • Mozilla Thunderbird 24.1.1
    cpe:2.3:a:mozilla:thunderbird:24.1.1
  • Mozilla Thunderbird 24.2
    cpe:2.3:a:mozilla:thunderbird:24.2
CVSS
Base: 5.0 (as of 08-07-2016 - 11:50)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-201402-140207.NASL
    description This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed : - Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01) - Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348). (MFSA 2014-02) - Download 'open file' dialog delay is too quick, doesn't prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03) - Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356). (MFSA 2014-04) - caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360). (MFSA 2014-05) - Fennec leaks profile path to logcat. (CVE-2014-1484). (MFSA 2014-06) - CSP should block XSLT as script, not as style. (CVE-2014-1485). (MFSA 2014-07) - imgRequestProxy Use-After-Free Remote Code Execution Vulnerability. (CVE-2014-1486). (MFSA 2014-08) - Cross-origin information disclosure with error message of Web Workers. (CVE-2014-1487). (MFSA 2014-09) - settings & history ID bug. (CVE-2014-1489). (MFSA 2014-10) - Firefox reproducibly crashes when using asm.js code in workers and transferable objects. (CVE-2014-1488). (MFSA 2014-11) - TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289). (MFSA 2014-12) - Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309). (MFSA 2014-13)
    last seen 2019-01-16
    modified 2014-03-22
    plugin id 72554
    published 2014-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72554
    title SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0979.NASL
    description An updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1491 issue. Upstream acknowledges Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491. This update includes changes to the rhev-hypervisor component : * The most recent build of rhev-hypervisor is included in version 3.4.1. (BZ#1118298) This updated package also provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2014-4699 and CVE-2014-4943 (kernel issues) CVE-2014-4607 (lzo issue) CVE-2013-1740, CVE-2014-1490, CVE-2014-1492, CVE-2014-1545, and CVE-2014-1544 (nss and nspr issues) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 79038
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79038
    title RHEL 6 : rhev-hypervisor6 (RHSA-2014:0979)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2102-2.NASL
    description USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1477, CVE-2014-1478) Cody Crews discovered a method to bypass System Only Wrappers. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2014-1479) Jordi Chancel discovered that the downloads dialog did not implement a security timeout before button presses are processed. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2014-1480) Fredrik Lonnqvist discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1482) Jordan Milne discovered a timing flaw when using document.elementFromPoint and document.caretPositionFromPoint on cross-origin iframes. An attacker could potentially exploit this to steal confidential imformation. (CVE-2014-1483) Frederik Braun discovered that the CSP implementation in Firefox did not handle XSLT stylesheets in accordance with the specification, potentially resulting in unexpected script execution in some circumstances (CVE-2014-1485) Arthur Gerkis discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1486) Masato Kinugawa discovered a cross-origin information leak in web worker error messages. An attacker could potentially exploit this to steal confidential information. (CVE-2014-1487) Yazan Tommalieh discovered that web pages could activate buttons on the default Firefox startpage (about:home) in some circumstances. An attacker could potentially exploit this to cause data loss by triggering a session restore. (CVE-2014-1489) Soeren Balko discovered a crash in Firefox when terminating web workers running asm.js code in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1488) Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491) Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 72598
    published 2014-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72598
    title Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox regression (USN-2102-2)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_27.NASL
    description The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the 'open file' dialog that could allow users to take unintended actions. (CVE-2014-1480) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - Errors exist related to IFrames, 'document.caretPositionFromPoint' and 'document.elementFromPoint' that could allow cross- origin information disclosure. (CVE-2014-1483) - An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - An error exists related to 'web workers' and 'asm.js' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488) - An error exists that could allow webpages to access activate content from the 'about:home' page that could lead to data loss. (CVE-2014-1489) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 72328
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72328
    title Firefox < 27.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1246.NASL
    description From Red Hat Security Advisory 2014:1246 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as 'grep', could not handle failures properly. This update improves error detection in the specification file, and 'grep' and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 77739
    published 2014-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77739
    title Oracle Linux 5 : nspr / nss (ELSA-2014-1246)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-2083.NASL
    description See http://www.mozilla.org/en-US/thunderbird/24.3.0/releasenotes/ for changelog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-24
    plugin id 72752
    published 2014-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72752
    title Fedora 19 : thunderbird-24.3.0-1.fc19 (2014-2083)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0917.NASL
    description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 76698
    published 2014-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76698
    title RHEL 6 : nss and nspr (RHSA-2014:0917)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0917.NASL
    description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 76686
    published 2014-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76686
    title CentOS 6 : nspr / nss / nss-util (CESA-2014:0917)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-23.NASL
    description CVE-2013-1741 Runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls. CVE-2013-5606 Certificate validation with the verifylog mode did not return validation errors, but instead expected applications to determine the status by looking at the log. CVE-2014-1491 Ticket handling protection mechanisms bypass due to the lack of restriction of public values in Diffie-Hellman key exchanges. CVE-2014-1492 Incorrect IDNA domain name matching for wildcard certificates could allow specially crafted invalid certificates to be considered as valid. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 82171
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82171
    title Debian DLA-23-1 : nss security update
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16716.NASL
    description CVE-2013-1740 The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. CVE-2014-1490 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. CVE-2014-1491 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. CVE-2014-1492 The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is iframeded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. CVE-2014-1544 Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. CVE-2014-1545 Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 91202
    published 2016-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91202
    title F5 Networks BIG-IP : Multiple Mozilla NSS vulnerabilities (K16716)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140722_NSS_AND_NSPR_ON_SL6_X.NASL
    description A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 76702
    published 2014-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76702
    title Scientific Linux Security Update : nss and nspr on SL6.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140916_NSS_AND_NSPR_ON_SL5_X.NASL
    description A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. This update also fixes the following bugs : - Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as 'grep', could not handle failures properly. This update improves error detection in the specification file, and 'grep' and other utilities now handle missing files or crashes as intended. - Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. - Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Scientific Linux 5.
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 77955
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77955
    title Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1246.NASL
    description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as 'grep', could not handle failures properly. This update improves error detection in the specification file, and 'grep' and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2019-01-16
    modified 2018-12-14
    plugin id 77699
    published 2014-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77699
    title RHEL 5 : nss and nspr (RHSA-2014:1246)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2994.NASL
    description Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library : - CVE-2013-1741 Runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls. - CVE-2013-5606 Certificate validation with the verifylog mode did not return validation errors, but instead expected applications to determine the status by looking at the log. - CVE-2014-1491 Ticket handling protection mechanisms bypass due to the lack of restriction of public values in Diffie-Hellman key exchanges. - CVE-2014-1492 Incorrect IDNA domain name matching for wildcard certificates could allow specially crafted invalid certificates to be considered as valid.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 76950
    published 2014-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76950
    title Debian DSA-2994-1 : nss - security update
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_24_3_ESR.NASL
    description The installed version of Firefox ESR 24.x is earlier than 24.3, and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 72330
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72330
    title Firefox ESR 24.x < 24.3 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_24_3_ESR.NASL
    description The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 72327
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72327
    title Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id SEAMONKEY_2_24.NASL
    description The installed version of SeaMonkey is earlier than 2.24 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the 'open file' dialog that could allow users to take unintended actions. (CVE-2014-1480) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - Errors exist related to IFrames, 'document.caretPositionFromPoint' and 'document.elementFromPoint' that could allow cross- origin information disclosure. (CVE-2014-1483) - An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - An error exists related to 'web workers' and 'asm.js' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-27
    plugin id 72333
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72333
    title SeaMonkey < 2.24 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id GLASSFISH_CPU_JUL_2014.NASL
    description The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - Network Security Services (NSS) contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Oracle Mojarra contains a cross-site scripting vulnerability due to improperly sanitized user-supplied input. This allows an attacker to execute arbitrary script code within the context of the affected site. (CVE-2013-5855) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue allows man-in- the-middle attacks. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76591
    published 2014-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76591
    title Oracle GlassFish Server Multiple Vulnerabilities (July 2014 CPU)
  • NASL family Misc.
    NASL id ORACLE_TRAFFIC_DIRECTOR_JULY_2014_CPU.NASL
    description The remote host is running an unpatched version of Oracle Traffic Director that is affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - NSS contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76938
    published 2014-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76938
    title Oracle Traffic Director Multiple Vulnerabilities (July 2014 CPU)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1753F0FF8DD511E39B45B4B52FCE4CE8.NASL
    description The Mozilla Project reports : MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-12 NSS ticket handling issues MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
    last seen 2019-01-16
    modified 2018-11-21
    plugin id 72312
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72312
    title FreeBSD : mozilla -- multiple vulnerabilities (1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2102-1.NASL
    description Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1477, CVE-2014-1478) Cody Crews discovered a method to bypass System Only Wrappers. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2014-1479) Jordi Chancel discovered that the downloads dialog did not implement a security timeout before button presses are processed. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2014-1480) Fredrik Lonnqvist discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1482) Jordan Milne discovered a timing flaw when using document.elementFromPoint and document.caretPositionFromPoint on cross-origin iframes. An attacker could potentially exploit this to steal confidential imformation. (CVE-2014-1483) Frederik Braun discovered that the CSP implementation in Firefox did not handle XSLT stylesheets in accordance with the specification, potentially resulting in unexpected script execution in some circumstances (CVE-2014-1485) Arthur Gerkis discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1486) Masato Kinugawa discovered a cross-origin information leak in web worker error messages. An attacker could potentially exploit this to steal confidential information. (CVE-2014-1487) Yazan Tommalieh discovered that web pages could activate buttons on the default Firefox startpage (about:home) in some circumstances. An attacker could potentially exploit this to cause data loss by triggering a session restore. (CVE-2014-1489) Soeren Balko discovered a crash in Firefox when terminating web workers running asm.js code in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1488) Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491) Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 72425
    published 2014-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72425
    title Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox vulnerabilities (USN-2102-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-119.NASL
    description Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following security issues : - MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) - MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes - MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts - MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage - MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes - MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log - MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy - MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing - MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers - MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script - MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues - MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects Mozilla NSS was updated to 3.15.4 : - required for Firefox 27 - regular CA root store update (1.96) - Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. - Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. - When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality - Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. - Implemented OCSP server functionality for testing purposes (httpserv utility). - Support SHA-1 signatures with TLS 1.2 client authentication. - Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. - Added the -w command-line option to pp: don't wrap long output lines.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75253
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75253
    title openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_27.NASL
    description The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the 'open file' dialog that could allow users to take unintended actions. (CVE-2014-1480) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - Errors exist related to IFrames, 'document.caretPositionFromPoint' and 'document.elementFromPoint' that could allow cross- origin information disclosure. (CVE-2014-1483) - An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - An error exists related to 'web workers' and 'asm.js' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488) - An error exists that could allow webpages to access activate content from the 'about:home' page that could lead to data loss. (CVE-2014-1489) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 72331
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72331
    title Firefox < 27.0 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_24_3.NASL
    description The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 72332
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72332
    title Mozilla Thunderbird < 24.3 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_SERVER_7_0_20.NASL
    description According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.20. It is, therefore, affected by the following vulnerabilities in the Network Security Services (NSS) : - The implementation of NSS does not ensure that data structures are initialized, which can result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - An error exists in the ssl_Do1stHandshake() function in file sslsecur.c due to unencrypted data being returned from PR_Recv when the TLS False Start feature is enabled. A man-in-the-middle attacker can exploit this, by using an arbitrary X.509 certificate, to spoof SSL servers during certain handshake traffic. (CVE-2013-1740) - An integer overflow condition exists related to handling input greater than half the maximum size of the 'PRUint32' value. A remote attacker can exploit this to cause a denial of service or possibly have other impact. (CVE-2013-1741) - An error exists in the Null_Cipher() function in the file ssl3con.c related to handling invalid handshake packets. A remote attacker, using a crafted request, can exploit this to execute arbitrary code. (CVE-2013-5605) - An error exists in the CERT_VerifyCert() function in the file certvfy.c when handling trusted certificates with incompatible key usages. A remote attacker, using a crafted request, can exploit this to have an invalid certificates treated as valid. (CVE-2013-5606) - A race condition exists in libssl that occurs during session ticket processing. A remote attacker can exploit this to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. A man-in-the-middle attacker, using a crafted certificate, can exploit this to spoof an SSL server. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76593
    published 2014-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76593
    title Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2119-1.NASL
    description Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1477) Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. (CVE-2014-1479) Fredrik Lonnqvist discovered a use-after-free in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1482) Arthur Gerkis discovered a use-after-free in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1486) Masato Kinugawa discovered a cross-origin information leak in web worker error messages. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1487) Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491) Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481) Fabian Cuchietti and Ateeq ur Rehman Khan discovered that it was possible to bypass JavaScript execution restrictions when replying to or forwarding mail messages in certain circumstances. An attacker could potentially exploit this to steal confidential information or modify message content. (CVE-2013-6674). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 72599
    published 2014-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72599
    title Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2119-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-2041.NASL
    description See http://www.mozilla.org/en-US/thunderbird/24.3.0/releasenotes/ for changelog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-24
    plugin id 72380
    published 2014-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72380
    title Fedora 20 : thunderbird-24.3.0-1.fc20 (2014-2041)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen 2019-01-16
    modified 2016-11-11
    plugin id 82632
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82632
    title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0917.NASL
    description From Red Hat Security Advisory 2014:0917 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 76694
    published 2014-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76694
    title Oracle Linux 6 : nspr / nss (ELSA-2014-0917)
  • NASL family CGI abuses
    NASL id ORACLE_OPENSSO_AGENT_CPU_OCT_2014.NASL
    description The Oracle OpenSSO agent installed on the remote host is missing a vendor-supplied update. It is, therefore, affected by multiple vulnerabilities in the bundled Mozilla Network Security Services, the most serious of which can allow remote code execution.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 78774
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78774
    title Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU)
  • NASL family Windows
    NASL id IPLANET_WEB_PROXY_4_0_24.NASL
    description The remote host has a version of Oracle iPlanet Web Proxy Server (formerly Sun Java System Web Proxy Server) 4.0 prior to 4.0.24. It is, therefore, affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76592
    published 2014-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76592
    title Oracle iPlanet Web Proxy Server 4.0 < 4.0.24 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2858.NASL
    description Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library. This update updates Iceweasel to the ESR24 series of Firefox.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 72438
    published 2014-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72438
    title Debian DSA-2858-1 : iceweasel - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1246.NASL
    description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as 'grep', could not handle failures properly. This update improves error detection in the specification file, and 'grep' and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 77993
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77993
    title CentOS 5 : nss (CESA-2014:1246)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_24_3.NASL
    description The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481) - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482) - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486) - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 72329
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72329
    title Thunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)
redhat via4
rpms
  • nspr-0:4.10.6-1.el6_5
  • nspr-devel-0:4.10.6-1.el6_5
  • nss-util-0:3.16.1-1.el6_5
  • nss-util-devel-0:3.16.1-1.el6_5
  • nss-0:3.16.1-4.el6_5
  • nss-devel-0:3.16.1-4.el6_5
  • nss-pkcs11-devel-0:3.16.1-4.el6_5
  • nss-sysinit-0:3.16.1-4.el6_5
  • nss-tools-0:3.16.1-4.el6_5
  • nss-0:3.16.1-2.el5
  • nss-devel-0:3.16.1-2.el5
  • nss-pkcs11-devel-0:3.16.1-2.el5
  • nss-tools-0:3.16.1-2.el5
refmap via4
bid 65332
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
debian
  • DSA-2858
  • DSA-2994
fedora
  • FEDORA-2014-2041
  • FEDORA-2014-2083
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo GLSA-201504-01
sectrack
  • 1029717
  • 1029720
  • 1029721
secunia
  • 56858
  • 56888
  • 56922
suse
  • SUSE-SU-2014:0248
  • openSUSE-SU-2014:0212
  • openSUSE-SU-2014:0213
  • openSUSE-SU-2014:0419
ubuntu
  • USN-2102-1
  • USN-2102-2
  • USN-2119-1
xf firefox-nss-cve20141491-unspecified(90886)
Last major update 30-12-2016 - 21:59
Published 06-02-2014 - 00:44
Last modified 09-10-2018 - 15:42
Back to Top