VAR-201409-0340
Vulnerability from variot - Updated: 2025-12-22 22:57Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Mozilla Network Security Services (NSS) The library contains DigestInfo There is a problem with the processing of RSA A vulnerability exists that does not properly verify signatures. Mozilla Network Security Services (NSS) Implemented by the library DigestInfo There is a vulnerability in the processing of. BER Encoded DigestInfo When parsing a field, the parsing of padded bytes is bypassed, PKCS#1 v1.5 Formal RSA Signature forgery may not be detected (CWE-295) . CWE-295: Improper Certificate Validation http://cwe.mitre.org/data/definitions/295.html This vulnerability 2006 Announced in the year Bleichenbacher vulnerability It is a kind of. Bleichenbacher vulnerability http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html Mozilla NSS Is plural Linux Distributions and packages, and Google Chrome And Google Chrome OS It is used in etc. Other vulnerable libraries and products may have similar vulnerable implementations.SSL Certificate etc. RSA The signature may be forged.
For the stable distribution (wheezy), this problem has been fixed in version 24.8.1esr-1~deb7u1.
For the testing distribution (jessie) and unstable distribution (sid), Icedove uses the system NSS library, handled in DSA 3033-1. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates (CVE-2014-1568). ============================================================================ Ubuntu Security Notice USN-2361-1 September 24, 2014
nss vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libnss3 2:3.17.1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: libnss3 3.17.1-0ubuntu0.12.04.1
Ubuntu 10.04 LTS: libnss3-1d 3.17.1-0ubuntu0.10.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2361-1 CVE-2014-1568
Package Information: https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201504-01
https://security.gentoo.org/
Severity: Normal Title: Mozilla Products: Multiple vulnerabilities Date: April 07, 2015 Bugs: #489796, #491234, #493850, #500320, #505072, #509050, #512896, #517876, #522020, #523652, #525474, #531408, #536564, #541316, #544056 ID: 201504-01
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the =E2=80=98Mozilla Application Suite=E2=80=99.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 31.5.3 >= 31.5.3 2 www-client/firefox-bin < 31.5.3 >= 31.5.3 3 mail-client/thunderbird < 31.5.0 >= 31.5.0 4 mail-client/thunderbird-bin < 31.5.0 >= 31.5.0 5 www-client/seamonkey < 2.33.1 >= 2.33.1 6 www-client/seamonkey-bin < 2.33.1 >= 2.33.1 7 dev-libs/nspr < 4.10.6 >= 4.10.6 ------------------------------------------------------------------- 7 affected packages
Description
Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
Workaround
There are no known workarounds at this time.
Resolution
All firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3"
All firefox-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3"
All thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"=
All thunderbird-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-31.5.0"
All seamonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1"
All seamonkey-bin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-client/seamonkey-bin-2.33.1"
All nspr users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6"
References
[ 1 ] CVE-2013-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741 [ 2 ] CVE-2013-2566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566 [ 3 ] CVE-2013-5590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590 [ 4 ] CVE-2013-5591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591 [ 5 ] CVE-2013-5592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592 [ 6 ] CVE-2013-5593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593 [ 7 ] CVE-2013-5595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595 [ 8 ] CVE-2013-5596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596 [ 9 ] CVE-2013-5597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597 [ 10 ] CVE-2013-5598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598 [ 11 ] CVE-2013-5599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599 [ 12 ] CVE-2013-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600 [ 13 ] CVE-2013-5601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601 [ 14 ] CVE-2013-5602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602 [ 15 ] CVE-2013-5603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603 [ 16 ] CVE-2013-5604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604 [ 17 ] CVE-2013-5605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605 [ 18 ] CVE-2013-5606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606 [ 19 ] CVE-2013-5607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607 [ 20 ] CVE-2013-5609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609 [ 21 ] CVE-2013-5610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610 [ 22 ] CVE-2013-5612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612 [ 23 ] CVE-2013-5613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613 [ 24 ] CVE-2013-5614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614 [ 25 ] CVE-2013-5615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615 [ 26 ] CVE-2013-5616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616 [ 27 ] CVE-2013-5618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618 [ 28 ] CVE-2013-5619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619 [ 29 ] CVE-2013-6671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671 [ 30 ] CVE-2013-6672 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672 [ 31 ] CVE-2013-6673 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673 [ 32 ] CVE-2014-1477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477 [ 33 ] CVE-2014-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478 [ 34 ] CVE-2014-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479 [ 35 ] CVE-2014-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480 [ 36 ] CVE-2014-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481 [ 37 ] CVE-2014-1482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482 [ 38 ] CVE-2014-1483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483 [ 39 ] CVE-2014-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485 [ 40 ] CVE-2014-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486 [ 41 ] CVE-2014-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487 [ 42 ] CVE-2014-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488 [ 43 ] CVE-2014-1489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489 [ 44 ] CVE-2014-1490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490 [ 45 ] CVE-2014-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491 [ 46 ] CVE-2014-1492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492 [ 47 ] CVE-2014-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493 [ 48 ] CVE-2014-1494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494 [ 49 ] CVE-2014-1496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496 [ 50 ] CVE-2014-1497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497 [ 51 ] CVE-2014-1498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498 [ 52 ] CVE-2014-1499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499 [ 53 ] CVE-2014-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500 [ 54 ] CVE-2014-1502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502 [ 55 ] CVE-2014-1505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505 [ 56 ] CVE-2014-1508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508 [ 57 ] CVE-2014-1509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509 [ 58 ] CVE-2014-1510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510 [ 59 ] CVE-2014-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511 [ 60 ] CVE-2014-1512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512 [ 61 ] CVE-2014-1513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513 [ 62 ] CVE-2014-1514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514 [ 63 ] CVE-2014-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518 [ 64 ] CVE-2014-1519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519 [ 65 ] CVE-2014-1520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520 [ 66 ] CVE-2014-1522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522 [ 67 ] CVE-2014-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523 [ 68 ] CVE-2014-1524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524 [ 69 ] CVE-2014-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525 [ 70 ] CVE-2014-1526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526 [ 71 ] CVE-2014-1529 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529 [ 72 ] CVE-2014-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530 [ 73 ] CVE-2014-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531 [ 74 ] CVE-2014-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532 [ 75 ] CVE-2014-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533 [ 76 ] CVE-2014-1534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534 [ 77 ] CVE-2014-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536 [ 78 ] CVE-2014-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537 [ 79 ] CVE-2014-1538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538 [ 80 ] CVE-2014-1539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539 [ 81 ] CVE-2014-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540 [ 82 ] CVE-2014-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541 [ 83 ] CVE-2014-1542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542 [ 84 ] CVE-2014-1543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543 [ 85 ] CVE-2014-1544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544 [ 86 ] CVE-2014-1545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545 [ 87 ] CVE-2014-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547 [ 88 ] CVE-2014-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548 [ 89 ] CVE-2014-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549 [ 90 ] CVE-2014-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550 [ 91 ] CVE-2014-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551 [ 92 ] CVE-2014-1552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552 [ 93 ] CVE-2014-1553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553 [ 94 ] CVE-2014-1554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554 [ 95 ] CVE-2014-1555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555 [ 96 ] CVE-2014-1556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556 [ 97 ] CVE-2014-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557 [ 98 ] CVE-2014-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558 [ 99 ] CVE-2014-1559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559 [ 100 ] CVE-2014-1560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560 [ 101 ] CVE-2014-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561 [ 102 ] CVE-2014-1562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562 [ 103 ] CVE-2014-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563 [ 104 ] CVE-2014-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564 [ 105 ] CVE-2014-1565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565 [ 106 ] CVE-2014-1566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566 [ 107 ] CVE-2014-1567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567 [ 108 ] CVE-2014-1568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568 [ 109 ] CVE-2014-1574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574 [ 110 ] CVE-2014-1575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575 [ 111 ] CVE-2014-1576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576 [ 112 ] CVE-2014-1577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577 [ 113 ] CVE-2014-1578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578 [ 114 ] CVE-2014-1580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580 [ 115 ] CVE-2014-1581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581 [ 116 ] CVE-2014-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582 [ 117 ] CVE-2014-1583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583 [ 118 ] CVE-2014-1584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584 [ 119 ] CVE-2014-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585 [ 120 ] CVE-2014-1586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586 [ 121 ] CVE-2014-1587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587 [ 122 ] CVE-2014-1588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588 [ 123 ] CVE-2014-1589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589 [ 124 ] CVE-2014-1590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590 [ 125 ] CVE-2014-1591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591 [ 126 ] CVE-2014-1592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592 [ 127 ] CVE-2014-1593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593 [ 128 ] CVE-2014-1594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594 [ 129 ] CVE-2014-5369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369 [ 130 ] CVE-2014-8631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631 [ 131 ] CVE-2014-8632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632 [ 132 ] CVE-2014-8634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634 [ 133 ] CVE-2014-8635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635 [ 134 ] CVE-2014-8636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636 [ 135 ] CVE-2014-8637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637 [ 136 ] CVE-2014-8638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638 [ 137 ] CVE-2014-8639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639 [ 138 ] CVE-2014-8640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640 [ 139 ] CVE-2014-8641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641 [ 140 ] CVE-2014-8642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642 [ 141 ] CVE-2015-0817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817 [ 142 ] CVE-2015-0818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818 [ 143 ] CVE-2015-0819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819 [ 144 ] CVE-2015-0820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820 [ 145 ] CVE-2015-0821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821 [ 146 ] CVE-2015-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822 [ 147 ] CVE-2015-0823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823 [ 148 ] CVE-2015-0824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824 [ 149 ] CVE-2015-0825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825 [ 150 ] CVE-2015-0826 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826 [ 151 ] CVE-2015-0827 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827 [ 152 ] CVE-2015-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828 [ 153 ] CVE-2015-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829 [ 154 ] CVE-2015-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830 [ 155 ] CVE-2015-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831 [ 156 ] CVE-2015-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832 [ 157 ] CVE-2015-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833 [ 158 ] CVE-2015-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834 [ 159 ] CVE-2015-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835 [ 160 ] CVE-2015-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836 [ 161 ] VE-2014-1504
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201504-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:059 http://www.mandriva.com/en/support/security/
Package : nss Date : March 13, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages:
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate (CVE-2014-1492).
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain (CVE-2014-1544).
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569).
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions (CVE-2014-1545).
The sqlite3 packages have been upgraded to the 3.8.6 version due to an prerequisite to nss-3.17.x.
Additionally the rootcerts package has also been updated to the latest version as of 2014-11-17, which adds, removes, and distrusts several certificates.
The updated packages provides a solution for these security issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.2_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/
Updated Packages:
Mandriva Business Server 2/X86_64: 2aea53da7622f23ec03faa5605d9672c mbs2/x86_64/lemon-3.8.6-1.mbs2.x86_64.rpm 68cc94d4a95146583d8a6b2849759614 mbs2/x86_64/lib64nspr4-4.10.8-1.mbs2.x86_64.rpm a6ffe2ebe6de847b6227c8c4c2cb4ba4 mbs2/x86_64/lib64nspr-devel-4.10.8-1.mbs2.x86_64.rpm 78ba63e6a21b897abac8e4b0e975470d mbs2/x86_64/lib64nss3-3.17.4-1.mbs2.x86_64.rpm aacf8b1f144a7044e77abc5d0be72a7b mbs2/x86_64/lib64nss-devel-3.17.4-1.mbs2.x86_64.rpm 6afff220f7fa93dede0486b76155ae44 mbs2/x86_64/lib64nss-static-devel-3.17.4-1.mbs2.x86_64.rpm 63ffb7675dc414a52a4647f5ed302e3c mbs2/x86_64/lib64sqlite3_0-3.8.6-1.mbs2.x86_64.rpm cfefad1ef4f83cceeeb34a4f2ffca442 mbs2/x86_64/lib64sqlite3-devel-3.8.6-1.mbs2.x86_64.rpm e976251ee0ae5c2b2a2f6a163b693e85 mbs2/x86_64/lib64sqlite3-static-devel-3.8.6-1.mbs2.x86_64.rpm 42018611a17d2b6480b63f0a968a796d mbs2/x86_64/nss-3.17.4-1.mbs2.x86_64.rpm b955454c30e482635944134eb02456e4 mbs2/x86_64/nss-doc-3.17.4-1.mbs2.noarch.rpm 3058267964146b7806c493ff536da63d mbs2/x86_64/rootcerts-20141117.00-1.mbs2.x86_64.rpm 18fc28f1ae18ddd5fe01acb77811d0e6 mbs2/x86_64/rootcerts-java-20141117.00-1.mbs2.x86_64.rpm 200f6a413d13d850ea084a9e42c4fc23 mbs2/x86_64/sqlite3-tcl-3.8.6-1.mbs2.x86_64.rpm 8c88a446098d21cf2675173e32a208e6 mbs2/x86_64/sqlite3-tools-3.8.6-1.mbs2.x86_64.rpm 2e494a940c3189617ff62bc15a2b14fb mbs2/SRPMS/nspr-4.10.8-1.mbs2.src.rpm 0a28d1c9c07909d488c7dabe92c47529 mbs2/SRPMS/nss-3.17.4-1.mbs2.src.rpm 10dcc357bb0bbdc22e7dd308074d037b mbs2/SRPMS/rootcerts-20141117.00-1.mbs2.src.rpm df412cc892bb40e1d7345079a25c0bbb mbs2/SRPMS/sqlite3-3.8.6-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVAvuLmqjQ0CJFipgRArOfAKDn7F7m/ZnJATspmFD0k083yGXQJwCdHAzw P1QqaGn3HFIH8gKR7XVcRAA= =ZF+9 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.13.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.15"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.14"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.13.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.15.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.10"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "32.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "32.0.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.13"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.6"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.11"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.24"
},
{
"model": "chrome",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.120"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.12"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.9"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.25"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.19"
},
{
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.3"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.8"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.22"
},
{
"model": "thunderbird",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "24.8.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.20"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.10"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.13"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "24.8.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.10"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.12"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"model": "seamonkey",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.29"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.8"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.26"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.4.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.11"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.15"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.8"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.14"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.7"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.17"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.10.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.9"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.21"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.22.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.7"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.23"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.100"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.6"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.19"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.3"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "*"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.17"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.3.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.12.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.20"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.18"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.1"
},
{
"model": "chrome",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.103"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.9"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.6.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.3"
},
{
"model": "network security services",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.2.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.3.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.11"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.18"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.15.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.102"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.17.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.9"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.3.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.4.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.3"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.11"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "chrome",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "37.0.2062.124 earlier"
},
{
"model": "chrome",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "os 37.0.2062.120 (platform version: 5978.98.1/5978.98.2) earlier"
},
{
"model": "firefox",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "32.0.3 earlier"
},
{
"model": "firefox esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "24.8.1 earlier"
},
{
"model": "firefox esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "31.1.1 earlier"
},
{
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.16.2.1 earlier"
},
{
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.16.5 earlier"
},
{
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.17.1 earlier"
},
{
"model": "seamonkey",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "2.29.1 earlier"
},
{
"model": "thunderbird",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "24.8.1 earlier"
},
{
"model": "thunderbird",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "31.1.2 earlier"
},
{
"model": "communications applications",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle communications messaging server 7.0.5.33.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle directory server enterprise edition 11.1.1.7"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle directory server enterprise edition 7.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle opensso 3.0-05"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle traffic director 11.1.1.7.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "iplanet web proxy server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "iplanet web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "iplanet web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:firefox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:firefox_esr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:network_security_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:seamonkey",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:thunderbird",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_applications",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:glassfish_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:iplanet_web_proxy_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:iplanet_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandriva",
"sources": [
{
"db": "PACKETSTORM",
"id": "128404"
},
{
"db": "PACKETSTORM",
"id": "130825"
}
],
"trust": 0.2
},
"cve": "CVE-2014-1568",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1568",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.8,
"collateralDamagePotential": "HIGH",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "HIGH",
"enviromentalScore": 8.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1568",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-004409",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-69507",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1568",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-004409",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-965",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-69507",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-1568",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Mozilla Network Security Services (NSS) The library contains DigestInfo There is a problem with the processing of RSA A vulnerability exists that does not properly verify signatures. Mozilla Network Security Services (NSS) Implemented by the library DigestInfo There is a vulnerability in the processing of. BER Encoded DigestInfo When parsing a field, the parsing of padded bytes is bypassed, PKCS#1 v1.5 Formal RSA Signature forgery may not be detected (CWE-295) . CWE-295: Improper Certificate Validation http://cwe.mitre.org/data/definitions/295.html This vulnerability 2006 Announced in the year Bleichenbacher vulnerability It is a kind of. Bleichenbacher vulnerability http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html Mozilla NSS Is plural Linux Distributions and packages, and Google Chrome And Google Chrome OS It is used in etc. Other vulnerable libraries and products may have similar vulnerable implementations.SSL Certificate etc. RSA The signature may be forged. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 24.8.1esr-1~deb7u1. \n\nFor the testing distribution (jessie) and unstable distribution (sid),\nIcedove uses the system NSS library, handled in DSA 3033-1. He discovered that NSS is vulnerable\n to a variant of a signature forgery attack previously published\n by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1\n values involved in a signature and could lead to the forging of RSA\n certificates (CVE-2014-1568). ============================================================================\nUbuntu Security Notice USN-2361-1\nSeptember 24, 2014\n\nnss vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nFraudulent security certificates could allow sensitive information to\nbe exposed when accessing the Internet. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libnss3 2:3.17.1-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n libnss3 3.17.1-0ubuntu0.12.04.1\n\nUbuntu 10.04 LTS:\n libnss3-1d 3.17.1-0ubuntu0.10.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use NSS, such as Evolution and Chromium, to make all the necessary\nchanges. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2361-1\n CVE-2014-1568\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.1\n https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.1\n https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201504-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Mozilla Products: Multiple vulnerabilities\n Date: April 07, 2015\n Bugs: #489796, #491234, #493850, #500320, #505072, #509050,\n #512896, #517876, #522020, #523652, #525474, #531408,\n #536564, #541316, #544056\n ID: 201504-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, and SeaMonkey, the worst of which may allow user-assisted\nexecution of arbitrary code. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n=E2=80=98Mozilla Application Suite=E2=80=99. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 31.5.3 \u003e= 31.5.3\n 2 www-client/firefox-bin \u003c 31.5.3 \u003e= 31.5.3\n 3 mail-client/thunderbird \u003c 31.5.0 \u003e= 31.5.0\n 4 mail-client/thunderbird-bin\n \u003c 31.5.0 \u003e= 31.5.0\n 5 www-client/seamonkey \u003c 2.33.1 \u003e= 2.33.1\n 6 www-client/seamonkey-bin\n \u003c 2.33.1 \u003e= 2.33.1\n 7 dev-libs/nspr \u003c 4.10.6 \u003e= 4.10.6\n -------------------------------------------------------------------\n 7 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird,\nand SeaMonkey. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nspoof the address bar, conduct clickjacking attacks, bypass security\nrestrictions and protection mechanisms, or have other unspecified\nimpact. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-31.5.3\"\n\nAll firefox-bin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-31.5.3\"\n\nAll thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-31.5.0\"=\n\n\nAll thunderbird-bin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-31.5.0\"\n\nAll seamonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.33.1\"\n\nAll seamonkey-bin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/seamonkey-bin-2.33.1\"\n\nAll nspr users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nspr-4.10.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-1741\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741\n[ 2 ] CVE-2013-2566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566\n[ 3 ] CVE-2013-5590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590\n[ 4 ] CVE-2013-5591\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591\n[ 5 ] CVE-2013-5592\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592\n[ 6 ] CVE-2013-5593\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593\n[ 7 ] CVE-2013-5595\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595\n[ 8 ] CVE-2013-5596\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596\n[ 9 ] CVE-2013-5597\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597\n[ 10 ] CVE-2013-5598\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598\n[ 11 ] CVE-2013-5599\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599\n[ 12 ] CVE-2013-5600\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600\n[ 13 ] CVE-2013-5601\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601\n[ 14 ] CVE-2013-5602\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602\n[ 15 ] CVE-2013-5603\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603\n[ 16 ] CVE-2013-5604\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604\n[ 17 ] CVE-2013-5605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605\n[ 18 ] CVE-2013-5606\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606\n[ 19 ] CVE-2013-5607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607\n[ 20 ] CVE-2013-5609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609\n[ 21 ] CVE-2013-5610\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610\n[ 22 ] CVE-2013-5612\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612\n[ 23 ] CVE-2013-5613\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613\n[ 24 ] CVE-2013-5614\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614\n[ 25 ] CVE-2013-5615\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615\n[ 26 ] CVE-2013-5616\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616\n[ 27 ] CVE-2013-5618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618\n[ 28 ] CVE-2013-5619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619\n[ 29 ] CVE-2013-6671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671\n[ 30 ] CVE-2013-6672\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672\n[ 31 ] CVE-2013-6673\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673\n[ 32 ] CVE-2014-1477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477\n[ 33 ] CVE-2014-1478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478\n[ 34 ] CVE-2014-1479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479\n[ 35 ] CVE-2014-1480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480\n[ 36 ] CVE-2014-1481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481\n[ 37 ] CVE-2014-1482\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482\n[ 38 ] CVE-2014-1483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483\n[ 39 ] CVE-2014-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485\n[ 40 ] CVE-2014-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486\n[ 41 ] CVE-2014-1487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487\n[ 42 ] CVE-2014-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488\n[ 43 ] CVE-2014-1489\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489\n[ 44 ] CVE-2014-1490\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490\n[ 45 ] CVE-2014-1491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491\n[ 46 ] CVE-2014-1492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492\n[ 47 ] CVE-2014-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493\n[ 48 ] CVE-2014-1494\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494\n[ 49 ] CVE-2014-1496\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496\n[ 50 ] CVE-2014-1497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497\n[ 51 ] CVE-2014-1498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498\n[ 52 ] CVE-2014-1499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499\n[ 53 ] CVE-2014-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500\n[ 54 ] CVE-2014-1502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502\n[ 55 ] CVE-2014-1505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505\n[ 56 ] CVE-2014-1508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508\n[ 57 ] CVE-2014-1509\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509\n[ 58 ] CVE-2014-1510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510\n[ 59 ] CVE-2014-1511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511\n[ 60 ] CVE-2014-1512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512\n[ 61 ] CVE-2014-1513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513\n[ 62 ] CVE-2014-1514\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514\n[ 63 ] CVE-2014-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518\n[ 64 ] CVE-2014-1519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519\n[ 65 ] CVE-2014-1520\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520\n[ 66 ] CVE-2014-1522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522\n[ 67 ] CVE-2014-1523\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523\n[ 68 ] CVE-2014-1524\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524\n[ 69 ] CVE-2014-1525\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525\n[ 70 ] CVE-2014-1526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526\n[ 71 ] CVE-2014-1529\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529\n[ 72 ] CVE-2014-1530\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530\n[ 73 ] CVE-2014-1531\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531\n[ 74 ] CVE-2014-1532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532\n[ 75 ] CVE-2014-1533\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533\n[ 76 ] CVE-2014-1534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534\n[ 77 ] CVE-2014-1536\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536\n[ 78 ] CVE-2014-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537\n[ 79 ] CVE-2014-1538\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538\n[ 80 ] CVE-2014-1539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539\n[ 81 ] CVE-2014-1540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540\n[ 82 ] CVE-2014-1541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541\n[ 83 ] CVE-2014-1542\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542\n[ 84 ] CVE-2014-1543\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543\n[ 85 ] CVE-2014-1544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544\n[ 86 ] CVE-2014-1545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545\n[ 87 ] CVE-2014-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547\n[ 88 ] CVE-2014-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548\n[ 89 ] CVE-2014-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549\n[ 90 ] CVE-2014-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550\n[ 91 ] CVE-2014-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551\n[ 92 ] CVE-2014-1552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552\n[ 93 ] CVE-2014-1553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553\n[ 94 ] CVE-2014-1554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554\n[ 95 ] CVE-2014-1555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555\n[ 96 ] CVE-2014-1556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556\n[ 97 ] CVE-2014-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557\n[ 98 ] CVE-2014-1558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558\n[ 99 ] CVE-2014-1559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559\n[ 100 ] CVE-2014-1560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560\n[ 101 ] CVE-2014-1561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561\n[ 102 ] CVE-2014-1562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562\n[ 103 ] CVE-2014-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563\n[ 104 ] CVE-2014-1564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564\n[ 105 ] CVE-2014-1565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565\n[ 106 ] CVE-2014-1566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566\n[ 107 ] CVE-2014-1567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567\n[ 108 ] CVE-2014-1568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568\n[ 109 ] CVE-2014-1574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574\n[ 110 ] CVE-2014-1575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575\n[ 111 ] CVE-2014-1576\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576\n[ 112 ] CVE-2014-1577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577\n[ 113 ] CVE-2014-1578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578\n[ 114 ] CVE-2014-1580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580\n[ 115 ] CVE-2014-1581\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581\n[ 116 ] CVE-2014-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582\n[ 117 ] CVE-2014-1583\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583\n[ 118 ] CVE-2014-1584\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584\n[ 119 ] CVE-2014-1585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585\n[ 120 ] CVE-2014-1586\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586\n[ 121 ] CVE-2014-1587\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587\n[ 122 ] CVE-2014-1588\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588\n[ 123 ] CVE-2014-1589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589\n[ 124 ] CVE-2014-1590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590\n[ 125 ] CVE-2014-1591\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591\n[ 126 ] CVE-2014-1592\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592\n[ 127 ] CVE-2014-1593\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593\n[ 128 ] CVE-2014-1594\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594\n[ 129 ] CVE-2014-5369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369\n[ 130 ] CVE-2014-8631\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631\n[ 131 ] CVE-2014-8632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632\n[ 132 ] CVE-2014-8634\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634\n[ 133 ] CVE-2014-8635\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635\n[ 134 ] CVE-2014-8636\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636\n[ 135 ] CVE-2014-8637\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637\n[ 136 ] CVE-2014-8638\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638\n[ 137 ] CVE-2014-8639\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639\n[ 138 ] CVE-2014-8640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640\n[ 139 ] CVE-2014-8641\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641\n[ 140 ] CVE-2014-8642\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642\n[ 141 ] CVE-2015-0817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817\n[ 142 ] CVE-2015-0818\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818\n[ 143 ] CVE-2015-0819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819\n[ 144 ] CVE-2015-0820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820\n[ 145 ] CVE-2015-0821\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821\n[ 146 ] CVE-2015-0822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822\n[ 147 ] CVE-2015-0823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823\n[ 148 ] CVE-2015-0824\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824\n[ 149 ] CVE-2015-0825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825\n[ 150 ] CVE-2015-0826\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826\n[ 151 ] CVE-2015-0827\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827\n[ 152 ] CVE-2015-0828\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828\n[ 153 ] CVE-2015-0829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829\n[ 154 ] CVE-2015-0830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830\n[ 155 ] CVE-2015-0831\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831\n[ 156 ] CVE-2015-0832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832\n[ 157 ] CVE-2015-0833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833\n[ 158 ] CVE-2015-0834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834\n[ 159 ] CVE-2015-0835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835\n[ 160 ] CVE-2015-0836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836\n[ 161 ] VE-2014-1504\n\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201504-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:059\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : nss\n Date : March 13, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in the Mozilla\n NSS and NSPR packages:\n \n The cert_TestHostName function in lib/certdb/certdb.c in the\n certificate-checking implementation in Mozilla Network Security\n Services (NSS) before 3.16 accepts a wildcard character that is\n embedded in an internationalized domain name\u0026#039;s U-label, which might\n allow man-in-the-middle attackers to spoof SSL servers via a crafted\n certificate (CVE-2014-1492). \n \n Use-after-free vulnerability in the CERT_DestroyCertificate function\n in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used\n in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird\n before 24.7, allows remote attackers to execute arbitrary code via\n vectors that trigger certain improper removal of an NSSCertificate\n structure from a trust domain (CVE-2014-1544). \n \n The definite_length_decoder function in lib/util/quickder.c in\n Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x\n before 3.17.3 does not ensure that the DER encoding of an ASN.1\n length is properly formed, which allows remote attackers to conduct\n data-smuggling attacks by using a long byte sequence for an encoding,\n as demonstrated by the SEC_QuickDERDecodeItem function\u0026#039;s improper\n handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569). \n \n Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote\n attackers to execute arbitrary code or cause a denial of service\n (out-of-bounds write) via vectors involving the sprintf and console\n functions (CVE-2014-1545). \n \n The sqlite3 packages have been upgraded to the 3.8.6 version due to\n an prerequisite to nss-3.17.x. \n \n Additionally the rootcerts package has also been updated to the\n latest version as of 2014-11-17, which adds, removes, and distrusts\n several certificates. \n \n The updated packages provides a solution for these security issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.2_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes\n https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 2aea53da7622f23ec03faa5605d9672c mbs2/x86_64/lemon-3.8.6-1.mbs2.x86_64.rpm\n 68cc94d4a95146583d8a6b2849759614 mbs2/x86_64/lib64nspr4-4.10.8-1.mbs2.x86_64.rpm\n a6ffe2ebe6de847b6227c8c4c2cb4ba4 mbs2/x86_64/lib64nspr-devel-4.10.8-1.mbs2.x86_64.rpm\n 78ba63e6a21b897abac8e4b0e975470d mbs2/x86_64/lib64nss3-3.17.4-1.mbs2.x86_64.rpm\n aacf8b1f144a7044e77abc5d0be72a7b mbs2/x86_64/lib64nss-devel-3.17.4-1.mbs2.x86_64.rpm\n 6afff220f7fa93dede0486b76155ae44 mbs2/x86_64/lib64nss-static-devel-3.17.4-1.mbs2.x86_64.rpm\n 63ffb7675dc414a52a4647f5ed302e3c mbs2/x86_64/lib64sqlite3_0-3.8.6-1.mbs2.x86_64.rpm\n cfefad1ef4f83cceeeb34a4f2ffca442 mbs2/x86_64/lib64sqlite3-devel-3.8.6-1.mbs2.x86_64.rpm\n e976251ee0ae5c2b2a2f6a163b693e85 mbs2/x86_64/lib64sqlite3-static-devel-3.8.6-1.mbs2.x86_64.rpm\n 42018611a17d2b6480b63f0a968a796d mbs2/x86_64/nss-3.17.4-1.mbs2.x86_64.rpm\n b955454c30e482635944134eb02456e4 mbs2/x86_64/nss-doc-3.17.4-1.mbs2.noarch.rpm\n 3058267964146b7806c493ff536da63d mbs2/x86_64/rootcerts-20141117.00-1.mbs2.x86_64.rpm\n 18fc28f1ae18ddd5fe01acb77811d0e6 mbs2/x86_64/rootcerts-java-20141117.00-1.mbs2.x86_64.rpm\n 200f6a413d13d850ea084a9e42c4fc23 mbs2/x86_64/sqlite3-tcl-3.8.6-1.mbs2.x86_64.rpm\n 8c88a446098d21cf2675173e32a208e6 mbs2/x86_64/sqlite3-tools-3.8.6-1.mbs2.x86_64.rpm \n 2e494a940c3189617ff62bc15a2b14fb mbs2/SRPMS/nspr-4.10.8-1.mbs2.src.rpm\n 0a28d1c9c07909d488c7dabe92c47529 mbs2/SRPMS/nss-3.17.4-1.mbs2.src.rpm\n 10dcc357bb0bbdc22e7dd308074d037b mbs2/SRPMS/rootcerts-20141117.00-1.mbs2.src.rpm\n df412cc892bb40e1d7345079a25c0bbb mbs2/SRPMS/sqlite3-3.8.6-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVAvuLmqjQ0CJFipgRArOfAKDn7F7m/ZnJATspmFD0k083yGXQJwCdHAzw\nP1QqaGn3HFIH8gKR7XVcRAA=\n=ZF+9\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1568"
},
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128404"
},
{
"db": "PACKETSTORM",
"id": "128389"
},
{
"db": "PACKETSTORM",
"id": "131314"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/772676",
"trust": 0.8,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-69507",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1568",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#772676",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10761",
"trust": 1.2
},
{
"db": "JUNIPER",
"id": "JSA10698",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61540",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61575",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61583",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61574",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61576",
"trust": 1.2
},
{
"db": "BID",
"id": "70116",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94190107",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "128391",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128389",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128629",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128471",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128404",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128537",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128400",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128438",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69507",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131314",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130825",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128404"
},
{
"db": "PACKETSTORM",
"id": "128389"
},
{
"db": "PACKETSTORM",
"id": "131314"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
},
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"id": "VAR-201409-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69507"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:57:29.441000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Stable Channel Update",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update_24.html"
},
{
"title": "Stable Channel Update for Chrome OS",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"title": "bug#1069405",
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"title": "bug#1064636 ",
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"title": "Network Security Services ",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
},
{
"title": "NSS Releases",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
},
{
"title": "Mozilla Foundation \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2014-73",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2014/mfsa2014-73.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixEM"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "RHSA-2014:1307",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"title": "RHSA-2014:1371",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"title": "RHSA-2014:1354",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "January 2015 Critical Patch Update Released ",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "JSA10698",
"trust": 0.8,
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698\u0026actp=search"
},
{
"title": "37.0.2062.124_chrome_installer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54762"
},
{
"title": "nss-3.16.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54742"
},
{
"title": "firefox-32.0.3.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54746"
},
{
"title": "Firefox Setup 31.1.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54750"
},
{
"title": "Thunderbird 24.8.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54754"
},
{
"title": "thunderbird-31.1.2.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54758"
},
{
"title": "nss-3.16.2.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54741"
},
{
"title": "Firefox 32.0.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54745"
},
{
"title": "firefox-24.8.1esr.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54749"
},
{
"title": "Thunderbird Setup 24.8.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54753"
},
{
"title": "Thunderbird 31.1.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54757"
},
{
"title": "seamonkey-2.29.1.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54761"
},
{
"title": "Firefox Setup 32.0.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54744"
},
{
"title": "Firefox 24.8.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54748"
},
{
"title": "firefox-31.1.1esr.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54752"
},
{
"title": "Thunderbird Setup 31.1.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54756"
},
{
"title": "SeaMonkey 2.29.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54760"
},
{
"title": "nss-3.17.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54743"
},
{
"title": "Firefox Setup 24.8.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54747"
},
{
"title": "Firefox 31.1.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54751"
},
{
"title": "thunderbird-24.8.1.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54755"
},
{
"title": "SeaMonkey Setup 2.29.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54759"
},
{
"title": "37.0.2062.120_chrome_installer_win64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54763"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2361-1"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2360-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2360-1"
},
{
"title": "Debian Security Advisories: DSA-3037-1 icedove -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0cdafb45f65b45c32ba28a252cf69aca"
},
{
"title": "Debian Security Advisories: DSA-3033-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=95a616cbe615a00b3319e7f0c0cc52a9"
},
{
"title": "Debian Security Advisories: DSA-3034-1 iceweasel -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0b8977bbd67dd6b7595c4a471981c654"
},
{
"title": "Amazon Linux AMI: ALAS-2014-422",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-422"
},
{
"title": "Amazon Linux AMI: ALAS-2014-423",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-423"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2014-73",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2014-73"
},
{
"title": "Amazon Linux AMI: ALAS-2014-424",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-424"
},
{
"title": "Red Hat: CVE-2014-1568",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-1568"
},
{
"title": "Symantec Security Advisories: SA84 : BERserk NSS Signature Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f467357487965e566960830bb4f9f807"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
},
{
"title": "Publications",
"trust": 0.1,
"url": "https://github.com/abazhaniuk/Publications "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"trust": 2.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"trust": 2.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"trust": 1.6,
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1371.html"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2360-1"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2361-1"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/70116"
},
{
"trust": 1.2,
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1307.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1354.html"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61540"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61574"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61575"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61576"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61583"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2360-2"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1568"
},
{
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss"
},
{
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_releases"
},
{
"trust": 0.8,
"url": "https://www.ietf.org/rfc/rfc2313.txt"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pkcs#1"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94190107/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1568"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc2313"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1568"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10761"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2361-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-1568"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1482"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1539"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5592"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5599"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1510"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1529"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5593"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0834"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5613"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1480"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1512"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1581"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1494"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5600"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5600"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5595"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1580"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1594"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1502"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8634"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0821"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1589"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6672"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8641"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0828"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1538"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8642"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1526"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5609"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1576"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6673"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5604"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5595"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5607"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1564"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5616"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5606"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8640"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5597"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0831"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1525"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1496"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0819"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1583"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8636"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1544"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5598"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1481"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8639"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0817"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0825"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1489"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5599"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1497"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5591"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5602"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1578"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0826"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5618"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5603"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0832"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1592"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5612"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1543"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1577"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5601"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1524"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1584"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5615"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8635"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5610"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5593"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1514"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1531"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0830"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0822"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1533"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5615"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5369"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1532"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5618"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1493"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1588"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5596"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1530"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1593"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8632"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1513"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5597"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0818"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1487"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1519"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1523"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1586"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1518"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5596"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8637"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5606"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1483"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5604"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5614"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5598"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5610"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1537"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1545"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0820"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5616"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1575"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5614"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5602"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1492"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1492"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16.2_release_notes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1492"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.2_release_notes"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2014-55/"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.1_release_notes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1569"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16.1_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.3_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16.3_release_notes"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1569"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1545"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.4_release_notes"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1544"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1568.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128404"
},
{
"db": "PACKETSTORM",
"id": "128389"
},
{
"db": "PACKETSTORM",
"id": "131314"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
},
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128404"
},
{
"db": "PACKETSTORM",
"id": "128389"
},
{
"db": "PACKETSTORM",
"id": "131314"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
},
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-24T00:00:00",
"db": "CERT/CC",
"id": "VU#772676"
},
{
"date": "2014-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-69507"
},
{
"date": "2014-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"date": "2014-09-30T00:19:30",
"db": "PACKETSTORM",
"id": "128471"
},
{
"date": "2014-09-25T15:14:25",
"db": "PACKETSTORM",
"id": "128404"
},
{
"date": "2014-09-25T00:06:10",
"db": "PACKETSTORM",
"id": "128389"
},
{
"date": "2015-04-07T16:00:47",
"db": "PACKETSTORM",
"id": "131314"
},
{
"date": "2015-03-16T15:40:11",
"db": "PACKETSTORM",
"id": "130825"
},
{
"date": "2014-09-25T00:06:28",
"db": "PACKETSTORM",
"id": "128391"
},
{
"date": "2014-10-10T23:23:00",
"db": "PACKETSTORM",
"id": "128629"
},
{
"date": "2014-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"date": "2014-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"date": "2014-09-25T17:55:04.387000",
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-24T00:00:00",
"db": "CERT/CC",
"id": "VU#772676"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-69507"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"date": "2015-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Network Security Services (NSS) fails to properly verify RSA signatures",
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.