Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
References
Link Providers
http://hg.mozilla.org/projects/nss/rev/12c42006aed8 cve-icon cve-icon
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Dec/23 cve-icon cve-icon
http://secunia.com/advisories/56858 cve-icon cve-icon
http://secunia.com/advisories/56888 cve-icon cve-icon
http://secunia.com/advisories/56922 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2858 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2994 cve-icon cve-icon
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html cve-icon cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/534161/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/65332 cve-icon cve-icon
http://www.securitytracker.com/id/1029717 cve-icon cve-icon
http://www.securitytracker.com/id/1029720 cve-icon cve-icon
http://www.securitytracker.com/id/1029721 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2102-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2102-2 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2119-1 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2014-0012.html cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=934545 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/90886 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-1491 cve-icon
https://security.gentoo.org/glsa/201504-01 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-1491 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2014-02-06T02:00:00

Updated: 2024-08-06T09:42:36.031Z

Reserved: 2014-01-16T00:00:00

Link: CVE-2014-1491

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-02-06T05:44:25.127

Modified: 2024-11-21T02:04:23.477

Link: CVE-2014-1491

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-02-04T00:00:00Z

Links: CVE-2014-1491 - Bugzilla