Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
Metrics
Affected Vendors & Products
References
History
Mon, 21 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:* |
Mon, 21 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2014-07-23T10:00:00
Updated: 2024-08-06T09:42:36.185Z
Reserved: 2014-01-16T00:00:00
Link: CVE-2014-1544
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-23T11:12:42.777
Modified: 2024-11-21T02:04:32.330
Link: CVE-2014-1544
Redhat