ID CVE-2014-1568
Summary Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
Vulnerable Configurations
  • Google Chrome 37.0.2062.120
    cpe:2.3:a:google:chrome:37.0.2062.120
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Mozilla Network Security Services 3.11.2
    cpe:2.3:a:mozilla:network_security_services:3.11.2
  • Mozilla Network Security Services 3.11.3
    cpe:2.3:a:mozilla:network_security_services:3.11.3
  • Mozilla Network Security Services 3.11.4
    cpe:2.3:a:mozilla:network_security_services:3.11.4
  • Mozilla Network Security Services 3.11.5
    cpe:2.3:a:mozilla:network_security_services:3.11.5
  • Mozilla Network Security Services 3.12
    cpe:2.3:a:mozilla:network_security_services:3.12
  • Mozilla Network Security Services 3.12.1
    cpe:2.3:a:mozilla:network_security_services:3.12.1
  • Mozilla Network Security Services 3.12.10
    cpe:2.3:a:mozilla:network_security_services:3.12.10
  • Mozilla Network Security Services 3.12.11
    cpe:2.3:a:mozilla:network_security_services:3.12.11
  • Mozilla Network Security Services 3.12.2
    cpe:2.3:a:mozilla:network_security_services:3.12.2
  • Mozilla Network Security Services 3.12.3
    cpe:2.3:a:mozilla:network_security_services:3.12.3
  • Mozilla Network Security Services 3.12.3.1
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  • Mozilla Network Security Services 3.12.3.2
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  • Mozilla Network Security Services 3.12.4
    cpe:2.3:a:mozilla:network_security_services:3.12.4
  • Mozilla Network Security Services 3.12.5
    cpe:2.3:a:mozilla:network_security_services:3.12.5
  • Mozilla Network Security Services 3.12.6
    cpe:2.3:a:mozilla:network_security_services:3.12.6
  • Mozilla Network Security Services 3.12.7
    cpe:2.3:a:mozilla:network_security_services:3.12.7
  • Mozilla Network Security Services 3.12.8
    cpe:2.3:a:mozilla:network_security_services:3.12.8
  • Mozilla Network Security Services 3.12.9
    cpe:2.3:a:mozilla:network_security_services:3.12.9
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.14.5
    cpe:2.3:a:mozilla:network_security_services:3.14.5
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
  • Mozilla Network Security Services 3.15.3
    cpe:2.3:a:mozilla:network_security_services:3.15.3
  • Mozilla Network Security Services 3.15.3.1
    cpe:2.3:a:mozilla:network_security_services:3.15.3.1
  • Mozilla Network Security Services 3.15.4
    cpe:2.3:a:mozilla:network_security_services:3.15.4
  • Mozilla Network Security Services 3.15.5
    cpe:2.3:a:mozilla:network_security_services:3.15.5
  • Mozilla Network Security Services 3.16
    cpe:2.3:a:mozilla:network_security_services:3.16
  • Mozilla Network Security Services 3.16.1
    cpe:2.3:a:mozilla:network_security_services:3.16.1
  • Mozilla Network Security Services 3.16.2.0
    cpe:2.3:a:mozilla:network_security_services:3.16.2.0
  • Mozilla Network Security Services 3.16.3
    cpe:2.3:a:mozilla:network_security_services:3.16.3
  • Mozilla Network Security Services 3.16.4
    cpe:2.3:a:mozilla:network_security_services:3.16.4
  • Mozilla Network Security Services 3.2
    cpe:2.3:a:mozilla:network_security_services:3.2
  • Mozilla Network Security Services 3.2.1
    cpe:2.3:a:mozilla:network_security_services:3.2.1
  • Mozilla Network Security Services 3.3
    cpe:2.3:a:mozilla:network_security_services:3.3
  • Mozilla Network Security Services 3.3.1
    cpe:2.3:a:mozilla:network_security_services:3.3.1
  • Mozilla Network Security Services 3.3.2
    cpe:2.3:a:mozilla:network_security_services:3.3.2
  • Mozilla Network Security Services 3.4
    cpe:2.3:a:mozilla:network_security_services:3.4
  • Mozilla Network Security Services 3.4.1
    cpe:2.3:a:mozilla:network_security_services:3.4.1
  • Mozilla Network Security Services 3.4.2
    cpe:2.3:a:mozilla:network_security_services:3.4.2
  • Mozilla Network Security Services 3.5
    cpe:2.3:a:mozilla:network_security_services:3.5
  • Mozilla Network Security Services 3.6
    cpe:2.3:a:mozilla:network_security_services:3.6
  • Mozilla Network Security Services 3.6.1
    cpe:2.3:a:mozilla:network_security_services:3.6.1
  • Mozilla Network Security Services 3.7
    cpe:2.3:a:mozilla:network_security_services:3.7
  • Mozilla Network Security Services 3.7.1
    cpe:2.3:a:mozilla:network_security_services:3.7.1
  • Mozilla Network Security Services 3.7.2
    cpe:2.3:a:mozilla:network_security_services:3.7.2
  • Mozilla Network Security Services 3.7.3
    cpe:2.3:a:mozilla:network_security_services:3.7.3
  • Mozilla Network Security Services 3.7.5
    cpe:2.3:a:mozilla:network_security_services:3.7.5
  • Mozilla Network Security Services 3.7.7
    cpe:2.3:a:mozilla:network_security_services:3.7.7
  • Mozilla Network Security Services 3.8
    cpe:2.3:a:mozilla:network_security_services:3.8
  • Mozilla Network Security Services 3.9
    cpe:2.3:a:mozilla:network_security_services:3.9
  • Mozilla Firefox 32.0.2
    cpe:2.3:a:mozilla:firefox:32.0.2
  • Mozilla Firefox 32.0.1
    cpe:2.3:a:mozilla:firefox:32.0.1
  • Mozilla Firefox 32.0
    cpe:2.3:a:mozilla:firefox:32.0
  • Mozilla Firefox Extended Support Release (ESR) 24.8.0
    cpe:2.3:a:mozilla:firefox_esr:24.8.0
  • Mozilla Firefox Extended Support Release (ESR) 31.0
    cpe:2.3:a:mozilla:firefox_esr:31.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1.0
    cpe:2.3:a:mozilla:firefox_esr:31.1.0
  • Mozilla Thunderbird 24.8.0
    cpe:2.3:a:mozilla:thunderbird:24.8.0
  • Mozilla Thunderbird 31.0
    cpe:2.3:a:mozilla:thunderbird:31.0
  • Mozilla Thunderbird 31.1.0
    cpe:2.3:a:mozilla:thunderbird:31.1.0
  • Mozilla Thunderbird 31.1.1
    cpe:2.3:a:mozilla:thunderbird:31.1.1
  • Mozilla SeaMonkey 2.26 release candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.26:rc1
  • Mozilla SeaMonkey 2.29
    cpe:2.3:a:mozilla:seamonkey:2.29
  • Mozilla SeaMonkey 2.26
    cpe:2.3:a:mozilla:seamonkey:2.26
  • Mozilla SeaMonkey 2.25 beta 3
    cpe:2.3:a:mozilla:seamonkey:2.25:beta3
  • Mozilla SeaMonkey 2.25 beta 2
    cpe:2.3:a:mozilla:seamonkey:2.25:beta2
  • Mozilla SeaMonkey 2.25 beta 1
    cpe:2.3:a:mozilla:seamonkey:2.25:beta1
  • Mozilla SeaMonkey 2.25
    cpe:2.3:a:mozilla:seamonkey:2.25
  • Mozilla SeaMonkey 2.24 beta1
    cpe:2.3:a:mozilla:seamonkey:2.24:beta1
  • Mozilla SeaMonkey 2.24
    cpe:2.3:a:mozilla:seamonkey:2.24
  • Mozilla SeaMonkey 2.23 beta1
    cpe:2.3:a:mozilla:seamonkey:2.23:beta1
  • Mozilla SeaMonkey 2.23
    cpe:2.3:a:mozilla:seamonkey:2.23
  • Mozilla SeaMonkey 2.22.1
    cpe:2.3:a:mozilla:seamonkey:2.22.1
  • Mozilla SeaMonkey 2.22 beta2
    cpe:2.3:a:mozilla:seamonkey:2.22:beta2
  • Mozilla SeaMonkey 2.22 beta1
    cpe:2.3:a:mozilla:seamonkey:2.22:beta1
  • Mozilla SeaMonkey 2.21 beta2
    cpe:2.3:a:mozilla:seamonkey:2.21:beta2
  • Mozilla SeaMonkey 2.21 beta1
    cpe:2.3:a:mozilla:seamonkey:2.21:beta1
  • Mozilla SeaMonkey 2.20 beta3
    cpe:2.3:a:mozilla:seamonkey:2.20:beta3
  • Mozilla SeaMonkey 2.20 beta2
    cpe:2.3:a:mozilla:seamonkey:2.20:beta2
  • Mozilla SeaMonkey 2.20 beta1
    cpe:2.3:a:mozilla:seamonkey:2.20:beta1
  • Mozilla SeaMonkey 2.20
    cpe:2.3:a:mozilla:seamonkey:2.20
  • Mozilla SeaMonkey 2.2 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.2:beta3
  • Mozilla SeaMonkey 2.2 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.2:beta2
  • Mozilla SeaMonkey 2.2 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.2:beta1
  • Mozilla SeaMonkey 2.2
    cpe:2.3:a:mozilla:seamonkey:2.2
  • Mozilla SeaMonkey 2.19 beta2
    cpe:2.3:a:mozilla:seamonkey:2.19:beta2
  • Mozilla SeaMonkey 2.19 beta1
    cpe:2.3:a:mozilla:seamonkey:2.19:beta1
  • Mozilla SeaMonkey 2.19
    cpe:2.3:a:mozilla:seamonkey:2.19
  • Mozilla SeaMonkey 2.18 beta4
    cpe:2.3:a:mozilla:seamonkey:2.18:beta4
  • Mozilla SeaMonkey 2.18 beta3
    cpe:2.3:a:mozilla:seamonkey:2.18:beta3
  • Mozilla SeaMonkey 2.18 beta2
    cpe:2.3:a:mozilla:seamonkey:2.18:beta2
  • Mozilla SeaMonkey 2.18 beta1
    cpe:2.3:a:mozilla:seamonkey:2.18:beta1
  • Mozilla SeaMonkey 2.17.1
    cpe:2.3:a:mozilla:seamonkey:2.17.1
  • Mozilla Seamonkey 2.17 beta4
    cpe:2.3:a:mozilla:seamonkey:2.17:beta4
  • Mozilla Seamonkey 2.17 beta3
    cpe:2.3:a:mozilla:seamonkey:2.17:beta3
  • Mozilla Seamonkey 2.17 beta2
    cpe:2.3:a:mozilla:seamonkey:2.17:beta2
  • Mozilla Seamonkey 2.17 beta1
    cpe:2.3:a:mozilla:seamonkey:2.17:beta1
  • Mozilla Seamonkey 2.17
    cpe:2.3:a:mozilla:seamonkey:2.17
  • Mozilla Seamonkey 2.16.2
    cpe:2.3:a:mozilla:seamonkey:2.16.2
  • Mozilla Seamonkey 2.16.1
    cpe:2.3:a:mozilla:seamonkey:2.16.1
  • Mozilla Seamonkey 2.16 beta5
    cpe:2.3:a:mozilla:seamonkey:2.16:beta5
  • Mozilla Seamonkey 2.16 beta4
    cpe:2.3:a:mozilla:seamonkey:2.16:beta4
  • Mozilla Seamonkey 2.16 beta3
    cpe:2.3:a:mozilla:seamonkey:2.16:beta3
  • Mozilla Seamonkey 2.16 beta2
    cpe:2.3:a:mozilla:seamonkey:2.16:beta2
  • Mozilla Seamonkey 2.16 beta1
    cpe:2.3:a:mozilla:seamonkey:2.16:beta1
  • Mozilla Seamonkey 2.16
    cpe:2.3:a:mozilla:seamonkey:2.16
  • Mozilla Seamonkey 2.15.2
    cpe:2.3:a:mozilla:seamonkey:2.15.2
  • Mozilla Seamonkey 2.15.1
    cpe:2.3:a:mozilla:seamonkey:2.15.1
  • Mozilla Seamonkey 2.15 beta6
    cpe:2.3:a:mozilla:seamonkey:2.15:beta6
  • Mozilla Seamonkey 2.15 beta5
    cpe:2.3:a:mozilla:seamonkey:2.15:beta5
  • Mozilla Seamonkey 2.15 beta4
    cpe:2.3:a:mozilla:seamonkey:2.15:beta4
  • Mozilla Seamonkey 2.15 beta3
    cpe:2.3:a:mozilla:seamonkey:2.15:beta3
  • Mozilla Seamonkey 2.15 beta2
    cpe:2.3:a:mozilla:seamonkey:2.15:beta2
  • Mozilla Seamonkey 2.15 beta1
    cpe:2.3:a:mozilla:seamonkey:2.15:beta1
  • Mozilla Seamonkey 2.15
    cpe:2.3:a:mozilla:seamonkey:2.15
  • Mozilla Seamonkey 2.14 beta5
    cpe:2.3:a:mozilla:seamonkey:2.14:beta5
  • Mozilla Seamonkey 2.14 beta4
    cpe:2.3:a:mozilla:seamonkey:2.14:beta4
  • Mozilla Seamonkey 2.14 beta3
    cpe:2.3:a:mozilla:seamonkey:2.14:beta3
  • Mozilla Seamonkey 2.14 beta2
    cpe:2.3:a:mozilla:seamonkey:2.14:beta2
  • Mozilla Seamonkey 2.14 beta1
    cpe:2.3:a:mozilla:seamonkey:2.14:beta1
  • Mozilla Seamonkey 2.14
    cpe:2.3:a:mozilla:seamonkey:2.14
  • Mozilla Seamonkey 2.13.2
    cpe:2.3:a:mozilla:seamonkey:2.13.2
  • Mozilla SeaMonkey 2.13.1
    cpe:2.3:a:mozilla:seamonkey:2.13.1
  • Mozilla SeaMonkey 2.13 beta6
    cpe:2.3:a:mozilla:seamonkey:2.13:beta6
  • Mozilla SeaMonkey 2.13 beta5
    cpe:2.3:a:mozilla:seamonkey:2.13:beta5
  • Mozilla SeaMonkey 2.13 beta4
    cpe:2.3:a:mozilla:seamonkey:2.13:beta4
  • Mozilla SeaMonkey 2.13 beta3
    cpe:2.3:a:mozilla:seamonkey:2.13:beta3
  • Mozilla SeaMonkey 2.13 beta2
    cpe:2.3:a:mozilla:seamonkey:2.13:beta2
  • Mozilla SeaMonkey 2.13 beta1
    cpe:2.3:a:mozilla:seamonkey:2.13:beta1
  • Mozilla SeaMonkey 2.13
    cpe:2.3:a:mozilla:seamonkey:2.13
  • Mozilla SeaMonkey 2.12.1
    cpe:2.3:a:mozilla:seamonkey:2.12.1
  • Mozilla SeaMonkey 2.12 beta6
    cpe:2.3:a:mozilla:seamonkey:2.12:beta6
  • Mozilla SeaMonkey 2.12 beta5
    cpe:2.3:a:mozilla:seamonkey:2.12:beta5
  • Mozilla SeaMonkey 2.12 beta4
    cpe:2.3:a:mozilla:seamonkey:2.12:beta4
  • Mozilla SeaMonkey 2.12 beta3
    cpe:2.3:a:mozilla:seamonkey:2.12:beta3
  • Mozilla SeaMonkey 2.12 beta2
    cpe:2.3:a:mozilla:seamonkey:2.12:beta2
  • Mozilla SeaMonkey 2.12 beta1
    cpe:2.3:a:mozilla:seamonkey:2.12:beta1
  • Mozilla SeaMonkey 2.12
    cpe:2.3:a:mozilla:seamonkey:2.12
  • Mozilla SeaMonkey 2.11 beta6
    cpe:2.3:a:mozilla:seamonkey:2.11:beta6
  • Mozilla SeaMonkey 2.11 beta5
    cpe:2.3:a:mozilla:seamonkey:2.11:beta5
  • Mozilla SeaMonkey 2.11 beta4
    cpe:2.3:a:mozilla:seamonkey:2.11:beta4
  • Mozilla SeaMonkey 2.11 beta3
    cpe:2.3:a:mozilla:seamonkey:2.11:beta3
  • Mozilla SeaMonkey 2.11 beta2
    cpe:2.3:a:mozilla:seamonkey:2.11:beta2
  • Mozilla SeaMonkey 2.11 beta1
    cpe:2.3:a:mozilla:seamonkey:2.11:beta1
  • Mozilla SeaMonkey 2.11
    cpe:2.3:a:mozilla:seamonkey:2.11
  • Mozilla SeaMonkey 2.10.1
    cpe:2.3:a:mozilla:seamonkey:2.10.1
  • Mozilla SeaMonkey 2.10 beta3
    cpe:2.3:a:mozilla:seamonkey:2.10:beta3
  • Mozilla SeaMonkey 2.10 beta2
    cpe:2.3:a:mozilla:seamonkey:2.10:beta2
  • Mozilla SeaMonkey 2.10 beta1
    cpe:2.3:a:mozilla:seamonkey:2.10:beta1
  • Mozilla SeaMonkey 2.10
    cpe:2.3:a:mozilla:seamonkey:2.10
  • Mozilla SeaMonkey 2.1 Release Candidate 2
    cpe:2.3:a:mozilla:seamonkey:2.1:rc2
  • Mozilla SeaMonkey 2.1 Release Candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.1:rc1
  • Mozilla SeaMonkey 2.1 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.1:beta3
  • Mozilla SeaMonkey 2.1 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.1:beta2
  • Mozilla SeaMonkey 2.1 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.1:beta1
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1
    cpe:2.3:a:mozilla:seamonkey:2.1
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey
    cpe:2.3:a:mozilla:seamonkey
  • Google Chrome 37.0.2062.103
    cpe:2.3:a:google:chrome:37.0.2062.103
  • Google Chrome 37.0.2062.102
    cpe:2.3:a:google:chrome:37.0.2062.102
  • Google Chrome 37.0.2062.100
    cpe:2.3:a:google:chrome:37.0.2062.100
  • Google Chrome 37.0.2062.20
    cpe:2.3:a:google:chrome:37.0.2062.20
  • Google Chrome 37.0.2062.3
    cpe:2.3:a:google:chrome:37.0.2062.3
  • Google Chrome 37.0.2062.0
    cpe:2.3:a:google:chrome:37.0.2062.0
  • Google Chrome OS
    cpe:2.3:o:google:chrome_os
CVSS
Base: 7.5 (as of 09-11-2016 - 13:24)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Nessus
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBFREEBL3-140925.NASL
    description Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue. - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. (MFSA 2014-73 / CVE-2014-1568) The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.
    last seen 2019-02-21
    modified 2014-10-17
    plugin id 77959
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77959
    title SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_48108FB0751C4CBB8F3309239EAD4B55.NASL
    description The Mozilla Project reports : Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 77883
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77883
    title FreeBSD : NSS -- RSA Signature Forgery (48108fb0-751c-4cbb-8f33-09239ead4b55)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix SSL_DH_MIN_P_BITS in more places. - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. - Run SSL tests - Add compatibility patches to prevent regressions - Ensure all ssl.sh tests are executed - Rebase to nss 3.21 - Resolves: Bug 1297944 - Rebase RHEL 5.11.z to NSS 3.21 in preparation for Firefox 45 - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 - Resolves: Bug 1269354 - CVE-2015-7182 (CVE-2015-7181) - Rebase nss to 3.19.1 - Pick up upstream fix for client auth. regression caused by 3.19.1 - Revert upstream change to minimum key sizes - Remove patches that were rendered obsolete by the rebase - Update existing patches on account of the rebase - Pick up upstream patch from nss-3.19.1 - Resolves: Bug 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64) - Resolves: Bug 1236967 - CVE-2015-2721 NSS: incorrectly permitted skipping of ServerKeyExchange (MFSA 2015-71) - On RHEL 6.x keep the TLS version defaults unchanged.
- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1) - Copy PayPalICA.cert and PayPalRootCA.cert to nss/tests/libpkix/certs - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Update and re-enable nss-646045.patch on account of the rebase - Enable additional ssl test cycles and document why some aren't enabled - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Resolves: Bug 1158159 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Adjust softokn patch to be compatible with legacy softokn API. - Resolves: Bug 1145430 - (CVE-2014-1568) - Add patches published with NSS 3.16.2.1 - Resolves: Bug 1145430 - (CVE-2014-1568) - Backport nss-3.12.6 upstream fix required by Firefox 31 ESR - Resolves: Bug 1110860 - Rebase to nss-3.16.1 for FF31 - Resolves: Bug 1110860 - Rebase nss in RHEL 5.11 to NSS 3.16.1, required for FF 31 - Remove unused and obsolete patches - Related: Bug 1032468 - Improve shell code for error detection on %check section - Resolves: Bug 1035281 - Suboptimal shell code in nss.spec - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042684 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Pick up corrections made in the rhel-10.Z branch, remove an unused patch - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Remove unused patch and retag for update to nss-3.15.3 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Update to nss-3.15.3 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11]
- Remove unused patches - Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Rebase to nss-3.15.1 - Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Resolves: rhbz#1015864 - [Regression] NSS no longer trusts MD5 certificates - Split %check section tests in two: freebl/softoken and rest of nss tests - Adjust various patches and spec file steps on account of the rebase - Add various patches and remove obsoleted ones on account of the rebase - Renumber patches so freebl/softoken ones match the corresponding ones in rhel-6 nss-softokn - Make the freebl sources identical to the corresponding ones for rhel-6.5 - Related: rhbz#987131 - Adjust the patches to complete the syncup with upstream nss - Use NSS_DISABLE_HW_GCM on the patch as we do on the spec file - Ensure softoken/freebl code is the same on nss side as on the softoken side - Related: rhbz#987131 - Add disable_hw_gcm.patch and in the spec file export NSS_DISABLE_HW_GCM=1 - Disable HW GCM on RHEL-5 as the older kernel lacks support for it - Related: rhbz#987131 - Related: rhbz#987131 - Display cpuinfo as part of the tests - Resolves: rhbz#987131 - Pick up various upstream GCM code fixes applied since nss-3.14.3 was released - Roll back to 79c87e69caa7454cbcf5f8161a628c538ff3cab3 - Previously added patch hasn't solved the sporadic core dumps - Related: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Resolves: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Add patch to get rid of sporadic blapitest core dumps - Restore 'export NO_FORK_CHECK=1' required for binary compatibility on RHEL-5 - Remove an unused patch - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 - Resolves: rhbz#807419 - nss-tools certutil -H does not list all options - Apply upstream fixes for ecc enabling and aes gcm - Rename two macros EC_MIN_KEY_BITS and EC_MAX_KEY_BITS per upstream - Apply several upstream AES GCM fixes - Resolves: rhbz#960241 - Enable ECC in nss and freebl
- Resolves: rhbz#918948 - [RFE][RHEL5] - Enable ECC support limited to suite b - Export NSS_ENABLE_ECC=1 in the %check section to properly test ecc - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove obsolete nss-nochktest.patch - Related: rhbz#960241 - Enable ECC in nss and freebl - Enable ECC by using the unstripped sources - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Fix rpmdiff test reported failures and remove other unwanted changes - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 22 2013 Elio Maldonado - 3.14.3-3 - Update to NSS_3_14_3_RTM - Rework the rebase to preserve needed idiosyncrasies - Ensure we install freebl/softoken from the extra build tree - Don't include freebl static library or its private headers - Add patch to deal with system sqlite not being recent enough - Don't install nss-sysinit nor sharedb - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 01 2013 Elio Maldonado - 3.14.3-2 - Restore the freebl-softoken source tar ball updated to 3.14.3 - Renumbering of some sources for clarity - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update to NSS_3_14_3_RTM - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Resolves: rhbz#891150 - Dis-trust TURKTRUST mis-issued *.google.com certificate - Update to NSS_3_13_6_RTM - Resolves: rhbz#883788 - [RFE] [RHEL5] Rebase to NSS >= 3.13.6 - Resolves: rhbz#820684 - Fix last entry in attrFlagsArray to be [NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE] - Resolves: rhbz#820684 - Enable certutil handle user supplied flags for PKCS #11 attributes. - This will enable certutil to generate keys in fussy hardware tokens.
- fix an error in the patch meta-information area (no code change) - Related: rhbz#830304 - Fix ia64 / i386 multilib nss install failure - Remove no longer needed %pre and %preun scriptlets meant for nss updates from RHEL-5.0 - Related: rhbz#830304 - Fix the changes to the %post line - Having multiple commands requires that /sbin/lconfig be the beginning of the scriptlet - Resolves: rhbz#830304 - Fix multilib and scriptlet problems - Fix %post and %postun lines per packaging guidelines - Add %[?_isa] to tools Requires: per packaging guidelines - Fix explicit-lib-dependency zlib error reported by rpmlint - Resolves: rhbz#830304 - Remove unwanted change to nss.pc.in - Update to NSS_3_13_5_RTM - Resolves: rhbz#830304 - Update RHEL 5.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6 - Resolves: rhbz#797939 - Protect NSS_Shutdown from clients that fail to initialize nss - Resolves: Bug 788039 - retagging to prevent update problems - Resolves: Bug 788039 - rebase nss to make firefox 10 LTS rebase possible - Update to 4.8.9 - Resolves: Bug 713373 - File descriptor leak after service httpd reload - Don't initialize nss if already initialized or if there are no dbs - Retagging for a Y-stream version higher than the RHEL-5-7-Z branch - Retagging to keep the n-v-r as high as that for the RHEL-5-7-Z branch - Update builtins certs to those from NSSCKBI_1_88_RTM - Plug file descriptor leaks on httpd reloads - Update builtins certs to those from NSSCKBI_1_87_RTM - Update builtins certs to those from NSSCKBI_1_86_RTM - Update builtins certs to NSSCKBI_1_85_RTM - Update to 3.12.10 - Fix libcrmf hard-coded maximum size for wrapped private keys - Update builtin certs to NSS_3.12.9_WITH_CKBI_1_82_RTM via a patch - Update builtin certs to those from NSS_3.12.9_WITH_CKBI_1_82_RTM - Update to 3.12.8
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91747
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91747
    title OracleVM 3.2 : nss (OVMSA-2016-0066)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_31_1_1_ESR.NASL
    description The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 77900
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77900
    title Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability (Mac OS X)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-422.NASL
    description A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78365
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78365
    title Amazon Linux AMI : nss-util (ALAS-2014-422)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2360-1.NASL
    description Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77851
    published 2014-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77851
    title Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2360-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-562.NASL
    description Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77965
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77965
    title openSUSE Security Update : mozilla-nss (openSUSE-SU-2014:1232-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2360-2.NASL
    description USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77852
    published 2014-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77852
    title Ubuntu 12.04 LTS / 14.04 LTS : thunderbird vulnerabilities (USN-2360-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1510-1.NASL
    description - update to Firefox 31.2.0 ESR (bnc#900941) - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2) - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API - SSLv3 is disabled by default. See README.POODLE for more detailed information. - disable call home features - update to 3.17.2 (bnc#900941) Bugfix release - bmo#1049435 - Importing an RSA private key fails if p < q - bmo#1057161 - NSS hangs with 100% CPU on invalid EC key - bmo#1078669 - certutil crashes when using the --certVersion parameter - changes from earlier version of the 3.17 branch: update to 3.17.1 (bnc#897890) - MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS - Change library's signature algorithm default to SHA256 - Add support for draft-ietf-tls-downgrade-scsv - Add clang-cl support to the NSS build system - Implement TLS 1.3 : - Part 1. Negotiate TLS 1.3 - Part 2. Remove deprecated cipher suites and compression. - Add support for little-endian powerpc64 update to 3.17 - required for Firefox 33 New functionality : - When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE.
The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros - SSL_REUSE_SERVER_ECDHE_KEY Notable Changes : - The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83849
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83849
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)
  • NASL family Windows
    NASL id SEAMONKEY_2_29_1.NASL
    description The version of SeaMonkey installed on the remote host is prior to 2.29.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 77909
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77909
    title SeaMonkey < 2.29.1 NSS Signature Verification Vulnerability
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-424.NASL
    description A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78367
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78367
    title Amazon Linux AMI : nss (ALAS-2014-424)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-62.NASL
    description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA. This update fixes this issue for the NSS libraries. Note that iceweasel, which is also affected by CVE-2014-1568, however has reached end-of-life in Squeeze(-LTS) and thus has not been fixed. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 82207
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82207
    title Debian DLA-62-1 : nss security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2361-1.NASL
    description Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77853
    published 2014-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77853
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : nss vulnerability (USN-2361-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-189.NASL
    description A vulnerability has been discovered and corrected in Mozilla NSS : Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates (CVE-2014-1568). The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 77889
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77889
    title Mandriva Linux Security Advisory : nss (MDVSA-2014:189)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1354.NASL
    description An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271) It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169) A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. 
(CVE-2014-1568) It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186) An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79053
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79053
    title RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)
  • NASL family Web Servers
    NASL id GLASSFISH_CPU_APR_2015.NASL
    description The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities : - A flaw exists in the bundled cURL and libcurl packages. The certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) is disabled when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled. This allows a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. (CVE-2013-4545) - A flaw exists in the bundled Network Security Services (NSS) library due to improper parsing of ASN.1 values in X.509 certificates. This allows a man-in-the-middle attacker to spoof RSA signatures via a crafted certificate. (CVE-2014-1568) - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82902
    published 2015-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82902
    title Oracle GlassFish Server Multiple Vulnerabilities (April 2015 CPU) (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_37_0_2062_124.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services (NSS) libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 77862
    published 2014-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77862
    title Google Chrome < 37.0.2062.124 Multiple Vulnerabilities (Mac OS X)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BD2EF267448511E4B0B700262D5ED8EE.NASL
    description Google Chrome Releases reports : [414124] RSA signature malleability in NSS (CVE-2014-1568). Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security
    last seen 2019-02-21
    modified 2014-09-29
    plugin id 77884
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77884
    title FreeBSD : chromium -- RSA signature malleability in NSS (bd2ef267-4485-11e4-b0b7-00262d5ed8ee)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-423.NASL
    description A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78366
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78366
    title Amazon Linux AMI : nss-softokn (ALAS-2014-423)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0082.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Remove unused indentation pseudo patch - require nss util 3.16.2.3 - Restore patch for certutil man page - supply missing options descriptions to the man page - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap - Resolves: Bug 1145432 - (CVE-2014-1568) - Fix pem deadlock caused by previous version of a fix for a race condition - Fixes: Bug 1090681 - Add references to bugs filed upstream - Related: Bug 1090681, Bug 1104300 - Resolves: Bug 1090681 - RHDS 9.1 389-ds-base-1.2.11.15-31 crash in PK11_DoesMechanism - Replace expired PayPal test certificate that breaks the build - Related: Bug 1099619 - Fix defects found by coverity - Resolves: Bug 1104300 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 nss-util - Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Fix the required nspr version to be 4.10.6
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 80007
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80007
    title OracleVM 3.3 : nss (OVMSA-2014-0082)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_31_1_2.NASL
    description The version of Thunderbird installed on the remote host is prior to 31.1.2. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 77908
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77908
    title Mozilla Thunderbird < 31.1.2 NSS Signature Verification Vulnerability
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11518.NASL
    description https://www.mozilla.org/security/announce/2014/mfsa2014-73.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 77940
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77940
    title Fedora 20 : nss-3.17.1-1.fc20 / nss-softokn-3.17.1-2.fc20 / nss-util-3.17.1-1.fc20 (2014-11518)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1371.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 79055
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79055
    title RHEL 4 / 5 / 6 : nss (RHSA-2014:1371)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_32_0_3.NASL
    description The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 77906
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77906
    title Firefox < 32.0.3 NSS Signature Verification Vulnerability
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_24_8_1_ESR.NASL
    description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 77899
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77899
    title Firefox ESR 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_32_0_3.NASL
    description The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 77901
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77901
    title Firefox < 32.0.3 NSS Signature Verification Vulnerability (Mac OS X)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1307.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 77896
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77896
    title RHEL 5 / 6 / 7 : nss (RHSA-2014:1307)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-059.NASL
    description Multiple vulnerabilities have been found and corrected in the Mozilla NSS and NSPR packages : The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate (CVE-2014-1492). Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain (CVE-2014-1544). Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a signature malleability issue (CVE-2014-1568). The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569).
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions (CVE-2014-1545). The sqlite3 packages have been upgraded to the 3.8.6 version due to a prerequisite to nss-3.17.x. Additionally the rootcerts package has also been updated to the latest version as of 2014-11-17, which adds, removes, and distrusts several certificates. The updated packages provide a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 81942
    published 2015-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81942
    title Mandriva Linux Security Advisory : nss (MDVSA-2015:059)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1307.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77918
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77918
    title CentOS 5 / 6 / 7 : nss (CESA-2014:1307)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_24_8_1.NASL
    description The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 77902
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77902
    title Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_31_1_1_ESR.NASL
    description The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 77905
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77905
    title Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_24_8_1.NASL
    description The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 77907
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77907
    title Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_31_1_2.NASL
    description The version of Thunderbird installed on the remote host is prior to 31.1.2. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 77903
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77903
    title Mozilla Thunderbird < 31.1.2 NSS Signature Verification Vulnerability (Mac OS X)
  • NASL family Windows
    NASL id IPLANET_WEB_PROXY_4_0_25.NASL
    description According to its self-reported version, the Oracle iPlanet Web Proxy Server installed on the remote host is version 4.0 prior to 4.0.25. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-middle attacker, using a crafted certificate, can exploit this to forge RSA signatures, such as SSL certificates. Note that Oracle iPlanet Web Proxy Server was formerly known as Sun Java System Web Proxy Server.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82994
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82994
    title Oracle iPlanet Web Proxy Server 4.0 < 4.0.25 NSS Signature Verification Vulnerability
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11565.NASL
    description https://www.mozilla.org/security/announce/2014/mfsa2014-73.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 78368
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78368
    title Fedora 19 : nss-3.17.1-1.fc19 / nss-softokn-3.17.1-2.fc19 / nss-util-3.17.1-1.fc19 (2014-11565)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3037.NASL
    description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77920
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77920
    title Debian DSA-3037-1 : icedove - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3034.NASL
    description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77881
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77881
    title Debian DSA-3034-1 : iceweasel - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11632.NASL
    description https://www.mozilla.org/security/announce/2014/mfsa2014-73.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 77944
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77944
    title Fedora 21 : nss-3.17.1-1.fc21 / nss-softokn-3.17.1-2.fc21 / nss-util-3.17.1-1.fc21 (2014-11632)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10698.NASL
    description According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities : - An error exists within the Apache 'mod_session_dbd' module, related to save operations for a session, due to a failure to consider the dirty flag and to require a new session ID. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2013-2249) - An unspecified flaw exists in the MySQL Server component related to error handling that allows a remote attacker to cause a denial of service condition. (CVE-2013-5908) - A flaw exists within the Apache 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. An unauthenticated, remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause the service to stop responding. (CVE-2013-6438) - A flaw exists within the Apache 'mod_log_config' module that is caused when logging a cookie that has an unassigned value. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the service to crash. (CVE-2014-0098) - A flaw exists, related to pixel manipulation, in the 2D component in the Oracle Java runtime that allows an unauthenticated, remote attacker to impact availability, confidentiality, and integrity. (CVE-2014-0429) - A flaw exists, related to PKCS#1 unpadding, in the Security component in the Oracle Java runtime that allows an unauthenticated, remote attacker to gain knowledge of timing information, which is intended to be protected by encryption. (CVE-2014-0453) - A race condition exists, related to array copying, in the Hotspot component in the Oracle Java runtime that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2014-0456) - A flaw exists in the JNDI component in the Oracle Java runtime due to missing randomization of query IDs. 
An unauthenticated, remote attacker can exploit this to conduct spoofing attacks. (CVE-2014-0460) - A flaw exists in the Mozilla Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. (CVE-2014-1568) - An unspecified flaw exists in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allows a remote attacker to impact integrity. (CVE-2014-6478) - Multiple unspecified flaws exist in the MySQL Server component related to the SERVER:SSL:yaSSL subcomponent that allow a remote attacker to impact confidentiality, integrity, and availability. (CVE-2014-6491, CVE-2014-6500) - Multiple unspecified flaws exist in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allow a remote attacker to cause a denial of service condition. (CVE-2014-6494, CVE-2014-6495, CVE-2014-6496) - An unspecified flaw exists in the MySQL Server component related to the C API SSL Certificate Handling subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2014-6559) - An unspecified flaw exists in the MySQL Server component related to the Server:Compiling subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-0501) - An XML external entity (XXE) injection vulnerability exists in OpenNMS due to the Castor component accepting XML external entities from exception messages. An unauthenticated, remote attacker can exploit this, via specially crafted XML data in a RTC post, to access local files. (CVE-2015-0975) - An unspecified flaw exists in the MySQL Server component related to the Server:Security:Privileges subcomponent that allows a remote attacker to disclose potentially sensitive information. 
(CVE-2015-2620) - A heap buffer overflow condition exists in QEMU in the pcnet_transmit() function within file hw/net/pcnet.c due to improper validation of user-supplied input when handling multi-TMD packets with a length above 4096 bytes. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to gain elevated privileges from guest to host. (CVE-2015-3209) - Multiple cross-site scripting (XSS), SQL injection, and command injection vulnerabilities exist in Junos Space that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-7753)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 91778
    published 2016-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91778
    title Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3033.NASL
    description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77880
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77880
    title Debian DSA-3033-1 : nss - security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140926_NSS_ON_SL5_X.NASL
    description A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) After installing this update, applications using NSS must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 77957
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77957
    title Scientific Linux Security Update : nss on SL5.x, SL6.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_24_8_1_ESR.NASL
    description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 77904
    published 2014-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77904
    title Firefox ESR 24.x < 24.8.1 NSS Signature Verification Vulnerability
  • NASL family Windows
    NASL id GOOGLE_CHROME_37_0_2062_124.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services (NSS) libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery of RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77861
    published 2014-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77861
    title Google Chrome < 37.0.2062.124 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_SERVER_7_0_21.NASL
    description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.21. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-middle attacker, using a crafted certificate, can exploit this to forge RSA signatures, such as SSL certificates.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82995
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82995
    title Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1307.NASL
    description From Red Hat Security Advisory 2014:1307 : Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77952
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77952
    title Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1145431 - (CVE-2014-1568) - Resolves: Bug 1145431 - (CVE-2014-1568) - Removed listed but unused patches detected by the rpmdiff test - Resolves: Bug 1099619 - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remove two unused patches and apply a needed one that was missed - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Update to nss-3.16.1 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Make pem's derEncodingsMatch function work with encrypted keys - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL - Remove unused patches - Resolves: Bug 1048713 - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6] - Enable patch with fix for deadlock in trust domain lock and object lock - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock - Disable hw gcm on rhel-5 based build environments where OS lacks support - Rollback changes to build nss without softokn until Bug 689919 is approved - Cipher suite was run as part of the nss-softokn build - Update to NSS_3_15_3_RTM - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) - Using export NSS_DISABLE_HW_GCM=1 to deal with some problematic build systems - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so - Add s390x and ia64 to the %define multilib_arches list used for defining alt_ckbi - Resolves: rhbz#1016044 
- nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so - Add zero default value to DISABLETEST check and fix the TEST_FAILURES check and reporting - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS - Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Add a zero default value to the DISABLETEST and TEST_FAILURES checks - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix the test for zero failures in the %check section - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Restore a mistakenly removed patch - Resolves: rhbz#961659 - SQL backend does not reload certificates - Rebuild for the pem module to link with freel from nss-softokn-3.14.3-6.el6 - Related: rhbz#993441 - NSS needs to conform to new FIPS standard. - Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP clients - Don't require nss-softokn-fips - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Additional syntax fixes in nss-versus-softoken-test.patch - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix all.sh test for which application was last build by updating nss-versus-softoken-test.path - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Disable the cipher suite already run as part of the nss-softokn build - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Require nss-softokn-fips - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. 
- Require nspr-4.10.0 - Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix relative path in %check section to prevent undetected test failures - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Rebase to NSS_3.15.1_RTM - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Update patches on account of the shallow tree with the rebase to 3.15.1 - Update the pem module sources nss-pem-20130405.tar.bz2 with latest patches applied - Remove patches rendered obsolete by the nss rebase and the updated nss-pem sources - Enable the iquote.patch to access newly introduced types - Do not hold issuer certificate handles in the crl cache - Resolves: rhbz#961659 - SQL backend does not reload certificates - Resolves: rhbz#977341 - nss-tools certutil -H does not list all options - Resolves: rhbz#702083 - don't require unique file basenames - Fix race condition in cert code related to smart cards - Resolves: rhbz#903017 - Firefox hang when CAC/PIV smart card certificates are viewed in the certificate manager - Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement. Please ensure that older packages that don't use the alternatives system for libnssckbi.so have a smaller n-v-r. - Syncup with upstream changes for aes gcm and ecc suiteb - Enable ecc support for suite b - Apply several upstream AES GCM fixes - Use the pristine nss upstream sources with ecc included - Export NSS_ENABLE_ECC=1 in both the build and the check sections - Make failed requests for unsupported ssl pkcs 11 bypass non fatal - Resolves: rhbz#882408 - NSS_NO_PKCS11_BYPASS must preserve ABI - Related: rhbz#918950 - rebase nss to 3.14.3 nss-softokn - Adjust patch to be compatible with legacy softokn API. 
- Resolves: Bug 1145431 - (CVE-2014-1568) - Resolves: Bug 1145431 - (CVE-2014-1568) - Skip calls to CHECK_FORK in [C & NSC]_GetFunctionList - Resolves: Bug 1082900 - Admin server segfault when configuration DS configured on SSL port - Add workaround to %check unset DISPLAY section for RHEL-5 based build machines where kernel lacks support for hardware GCM - back out -fips package changes - Enable new packaging but don't apply nss-fips-post.patch - Related: rhbz#1008513 - Unable to login in fips mode - Fix the PR_Access stub to actually access the correct permissions - Resolves: rhbz#1008513 - Unable to login in fips mode - Run the lowhash tests - Require nspr-4.0.0 and nss-util-3.15.1 - create -fips packages - patch submitted by Bob Relyea - fix the script that splits softoken off from nss - patch nss/cmd/lib/basicutil.c to build against nss-util-3.15.1 - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Resolves: rhbz#976572 - Pick up various upstream GCM code fixes applied since nss-3.14.3 was released - Display cpuinfo as part of the tests and make NSS_DISABLE_HW_GCM the environment variable to test for - When applying the patches use a backup file suffix that better describes the patch purpose - Enable ECC support for suite b and add upstream fixes for aes gcm - Use the unstripped upstream sources with ecc support - Limit the ECC support to suite b - Apply several upstream aes gcm fixes - Rename macros EC_MIN_KEY_BITS and EC_MAX_KEY_BITS per upstream - Resolves: rhbz#960208 - Enable ECC in nss-softoken - Related: rhbz#919172 nss-util - Resolves: bug 1145431 - (CVE-2014-1568) - Update to nss-3.16.1 - Resolves: rhbz#1112136 - Update to NSS_3_15_3_RTM - Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) - Preserve existing permissions when replacing existing pkcs11.txt file, but keep strict default permissions for new files - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79540
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79540
    title OracleVM 3.3 : nss (OVMSA-2014-0023)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 82632
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82632
    title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
redhat via4
advisories
  • bugzilla
    id 1145429
    title CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment nss-util is earlier than 0:3.16.1-2.el6_5
            oval oval:com.redhat.rhsa:tst:20141307005
          • comment nss-util is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364020
        • AND
          • comment nss-util-devel is earlier than 0:3.16.1-2.el6_5
            oval oval:com.redhat.rhsa:tst:20141307007
          • comment nss-util-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364022
        • AND
          • comment nss is earlier than 0:3.16.1-7.el6_5
            oval oval:com.redhat.rhsa:tst:20141307009
          • comment nss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364010
        • AND
          • comment nss-devel is earlier than 0:3.16.1-7.el6_5
            oval oval:com.redhat.rhsa:tst:20141307015
          • comment nss-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364016
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.16.1-7.el6_5
            oval oval:com.redhat.rhsa:tst:20141307017
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364018
        • AND
          • comment nss-sysinit is earlier than 0:3.16.1-7.el6_5
            oval oval:com.redhat.rhsa:tst:20141307013
          • comment nss-sysinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364014
        • AND
          • comment nss-tools is earlier than 0:3.16.1-7.el6_5
            oval oval:com.redhat.rhsa:tst:20141307011
          • comment nss-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364012
        • AND
          • comment nss-softokn is earlier than 0:3.14.3-12.el6_5
            oval oval:com.redhat.rhsa:tst:20141307019
          • comment nss-softokn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364024
        • AND
          • comment nss-softokn-devel is earlier than 0:3.14.3-12.el6_5
            oval oval:com.redhat.rhsa:tst:20141307025
          • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364026
        • AND
          • comment nss-softokn-freebl is earlier than 0:3.14.3-12.el6_5
            oval oval:com.redhat.rhsa:tst:20141307023
          • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364028
        • AND
          • comment nss-softokn-freebl-devel is earlier than 0:3.14.3-12.el6_5
            oval oval:com.redhat.rhsa:tst:20141307021
          • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364030
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment nss is earlier than 0:3.16.1-4.el5_11
            oval oval:com.redhat.rhsa:tst:20141307028
          • comment nss is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925013
        • AND
          • comment nss-devel is earlier than 0:3.16.1-4.el5_11
            oval oval:com.redhat.rhsa:tst:20141307032
          • comment nss-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925009
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.16.1-4.el5_11
            oval oval:com.redhat.rhsa:tst:20141307030
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925007
        • AND
          • comment nss-tools is earlier than 0:3.16.1-4.el5_11
            oval oval:com.redhat.rhsa:tst:20141307034
          • comment nss-tools is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925011
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment nss-softokn is earlier than 0:3.16.2-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141307040
          • comment nss-softokn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364024
        • AND
          • comment nss-softokn-devel is earlier than 0:3.16.2-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141307041
          • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364026
        • AND
          • comment nss-softokn-freebl is earlier than 0:3.16.2-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141307043
          • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364028
        • AND
          • comment nss-softokn-freebl-devel is earlier than 0:3.16.2-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141307042
          • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364030
        • AND
          • comment nss-util is earlier than 0:3.16.2-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141307044
          • comment nss-util is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364020
        • AND
          • comment nss-util-devel is earlier than 0:3.16.2-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141307045
          • comment nss-util-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364022
        • AND
          • comment nss is earlier than 0:3.16.2-7.el7_0
            oval oval:com.redhat.rhsa:tst:20141307046
          • comment nss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364010
        • AND
          • comment nss-devel is earlier than 0:3.16.2-7.el7_0
            oval oval:com.redhat.rhsa:tst:20141307047
          • comment nss-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364016
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.16.2-7.el7_0
            oval oval:com.redhat.rhsa:tst:20141307048
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364018
        • AND
          • comment nss-sysinit is earlier than 0:3.16.2-7.el7_0
            oval oval:com.redhat.rhsa:tst:20141307049
          • comment nss-sysinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364014
        • AND
          • comment nss-tools is earlier than 0:3.16.2-7.el7_0
            oval oval:com.redhat.rhsa:tst:20141307050
          • comment nss-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364012
    rhsa
    id RHSA-2014:1307
    released 2014-09-26
    severity Important
    title RHSA-2014:1307: nss security update (Important)
  • rhsa
    id RHSA-2014:1354
  • rhsa
    id RHSA-2014:1371
rpms
  • nss-util-0:3.16.1-2.el6_5
  • nss-util-devel-0:3.16.1-2.el6_5
  • nss-0:3.16.1-7.el6_5
  • nss-devel-0:3.16.1-7.el6_5
  • nss-pkcs11-devel-0:3.16.1-7.el6_5
  • nss-sysinit-0:3.16.1-7.el6_5
  • nss-tools-0:3.16.1-7.el6_5
  • nss-softokn-0:3.14.3-12.el6_5
  • nss-softokn-devel-0:3.14.3-12.el6_5
  • nss-softokn-freebl-0:3.14.3-12.el6_5
  • nss-softokn-freebl-devel-0:3.14.3-12.el6_5
  • nss-0:3.16.1-4.el5_11
  • nss-devel-0:3.16.1-4.el5_11
  • nss-pkcs11-devel-0:3.16.1-4.el5_11
  • nss-tools-0:3.16.1-4.el5_11
  • nss-softokn-0:3.16.2-2.el7_0
  • nss-softokn-devel-0:3.16.2-2.el7_0
  • nss-softokn-freebl-0:3.16.2-2.el7_0
  • nss-softokn-freebl-devel-0:3.16.2-2.el7_0
  • nss-util-0:3.16.2-2.el7_0
  • nss-util-devel-0:3.16.2-2.el7_0
  • nss-0:3.16.2-7.el7_0
  • nss-devel-0:3.16.2-7.el7_0
  • nss-pkcs11-devel-0:3.16.2-7.el7_0
  • nss-sysinit-0:3.16.2-7.el7_0
  • nss-tools-0:3.16.2-7.el7_0
refmap via4
bid 70116
cert-vn VU#772676
confirm
debian
  • DSA-3033
  • DSA-3034
  • DSA-3037
gentoo GLSA-201504-01
secunia
  • 61540
  • 61574
  • 61575
  • 61576
  • 61583
suse
  • SUSE-SU-2014:1220
  • openSUSE-SU-2014:1224
  • openSUSE-SU-2014:1232
ubuntu
  • USN-2360-1
  • USN-2360-2
  • USN-2361-1
xf mozilla-nss-cve20141568-sec-bypass(96194)
Last major update 06-01-2017 - 21:59
Published 25-09-2014 - 13:55
Last modified 28-08-2017 - 21:34