Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
References
Link Providers
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html cve-icon cve-icon
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html cve-icon cve-icon
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 cve-icon cve-icon
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1307.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1354.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1371.html cve-icon cve-icon
http://secunia.com/advisories/61540 cve-icon cve-icon
http://secunia.com/advisories/61574 cve-icon cve-icon
http://secunia.com/advisories/61575 cve-icon cve-icon
http://secunia.com/advisories/61576 cve-icon cve-icon
http://secunia.com/advisories/61583 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3033 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3034 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3037 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/772676 cve-icon cve-icon
http://www.mozilla.org/security/announce/2014/mfsa2014-73.html cve-icon cve-icon cve-icon
http://www.novell.com/support/kb/doc.php?id=7015701 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html cve-icon cve-icon
http://www.securityfocus.com/bid/70116 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2360-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2360-2 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2361-1 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-1568 cve-icon
https://security.gentoo.org/glsa/201504-01 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-1568 cve-icon
History

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2014-09-25T17:00:00

Updated: 2024-08-06T09:42:36.192Z

Reserved: 2014-01-16T00:00:00

Link: CVE-2014-1568

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-09-25T17:55:04.387

Modified: 2024-11-21T02:04:37.210

Link: CVE-2014-1568

cve-icon Redhat

Severity : Important

Publid Date: 2014-09-24T00:00:00Z

Links: CVE-2014-1568 - Bugzilla