VAR-201409-0340
Vulnerability from variot - Updated: 2026-03-09 22:03Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Mozilla Network Security Services (NSS) The library contains DigestInfo There is a problem with the processing of RSA A vulnerability exists that does not properly verify signatures. Mozilla Network Security Services (NSS) Implemented by the library DigestInfo There is a vulnerability in the processing of. BER Encoded DigestInfo When parsing a field, the parsing of padded bytes is bypassed, PKCS#1 v1.5 Formal RSA Signature forgery may not be detected (CWE-295) . CWE-295: Improper Certificate Validation http://cwe.mitre.org/data/definitions/295.html This vulnerability 2006 Announced in the year Bleichenbacher vulnerability It is a kind of. Bleichenbacher vulnerability http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html Mozilla NSS Is plural Linux Distributions and packages, and Google Chrome And Google Chrome OS It is used in etc. Other vulnerable libraries and products may have similar vulnerable implementations.SSL Certificate etc. RSA The signature may be forged. The vulnerability is caused by the program not correctly parsing ASN.1 values in X.509 certificates. ============================================================================ Ubuntu Security Notice USN-2360-2 September 24, 2014
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client
Details:
USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird.
Original advisory details:
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: thunderbird 1:31.1.2+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: thunderbird 1:31.1.2+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Thunderbird to make all the necessary changes.
For the testing distribution (jessie) and unstable distribution (sid), Icedove uses the system NSS library, handled in DSA 3033-1.
For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.5-1+deb7u2.
For the testing distribution (jessie), this problem has been fixed in version 2:3.17.1.
For the unstable distribution (sid), this problem has been fixed in version 2:3.17.1.
We recommend that you upgrade your nss packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: rhev-hypervisor6 security update Advisory ID: RHSA-2014:1354-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1354.html Issue date: 2014-10-02 CVE Names: CVE-2014-1568 CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 =====================================================================
- Summary:
An updated rhev-hypervisor6 package that fixes several security issues is now available.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEV-M 3.4 - noarch
- Description:
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271)
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169)
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. (CVE-2014-1568)
It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186)
An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187)
Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security.
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
- Solution:
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht ml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente rprise_Virtualization_Hypervisors.html
- Bugs fixed (https://bugzilla.redhat.com/):
1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands 1145429 - CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73) 1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271) 1146791 - CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack 1146804 - CVE-2014-7187 bash: off-by-one error in deeply nested flow control constructs
- Package List:
RHEV-M 3.4:
Source: rhev-hypervisor6-6.5-20140930.1.el6ev.src.rpm
noarch: rhev-hypervisor6-6.5-20140930.1.el6ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-1568.html https://www.redhat.com/security/data/cve/CVE-2014-6271.html https://www.redhat.com/security/data/cve/CVE-2014-7169.html https://www.redhat.com/security/data/cve/CVE-2014-7186.html https://www.redhat.com/security/data/cve/CVE-2014-7187.html https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFULad7XlSAg2UNWIIRArccAJ95pkvG2fyfrI6g4Ve/+fAdnbQq2QCffmYR IH3VLRMcNTi5Gr1GmWlBiFg= =DD5a -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:059 http://www.mandriva.com/en/support/security/
Package : nss Date : March 13, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages:
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate (CVE-2014-1492).
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain (CVE-2014-1544).
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569).
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions (CVE-2014-1545).
The sqlite3 packages have been upgraded to the 3.8.6 version due to an prerequisite to nss-3.17.x.
Additionally the rootcerts package has also been updated to the latest version as of 2014-11-17, which adds, removes, and distrusts several certificates.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.2_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/
Updated Packages:
Mandriva Business Server 2/X86_64: 2aea53da7622f23ec03faa5605d9672c mbs2/x86_64/lemon-3.8.6-1.mbs2.x86_64.rpm 68cc94d4a95146583d8a6b2849759614 mbs2/x86_64/lib64nspr4-4.10.8-1.mbs2.x86_64.rpm a6ffe2ebe6de847b6227c8c4c2cb4ba4 mbs2/x86_64/lib64nspr-devel-4.10.8-1.mbs2.x86_64.rpm 78ba63e6a21b897abac8e4b0e975470d mbs2/x86_64/lib64nss3-3.17.4-1.mbs2.x86_64.rpm aacf8b1f144a7044e77abc5d0be72a7b mbs2/x86_64/lib64nss-devel-3.17.4-1.mbs2.x86_64.rpm 6afff220f7fa93dede0486b76155ae44 mbs2/x86_64/lib64nss-static-devel-3.17.4-1.mbs2.x86_64.rpm 63ffb7675dc414a52a4647f5ed302e3c mbs2/x86_64/lib64sqlite3_0-3.8.6-1.mbs2.x86_64.rpm cfefad1ef4f83cceeeb34a4f2ffca442 mbs2/x86_64/lib64sqlite3-devel-3.8.6-1.mbs2.x86_64.rpm e976251ee0ae5c2b2a2f6a163b693e85 mbs2/x86_64/lib64sqlite3-static-devel-3.8.6-1.mbs2.x86_64.rpm 42018611a17d2b6480b63f0a968a796d mbs2/x86_64/nss-3.17.4-1.mbs2.x86_64.rpm b955454c30e482635944134eb02456e4 mbs2/x86_64/nss-doc-3.17.4-1.mbs2.noarch.rpm 3058267964146b7806c493ff536da63d mbs2/x86_64/rootcerts-20141117.00-1.mbs2.x86_64.rpm 18fc28f1ae18ddd5fe01acb77811d0e6 mbs2/x86_64/rootcerts-java-20141117.00-1.mbs2.x86_64.rpm 200f6a413d13d850ea084a9e42c4fc23 mbs2/x86_64/sqlite3-tcl-3.8.6-1.mbs2.x86_64.rpm 8c88a446098d21cf2675173e32a208e6 mbs2/x86_64/sqlite3-tools-3.8.6-1.mbs2.x86_64.rpm 2e494a940c3189617ff62bc15a2b14fb mbs2/SRPMS/nspr-4.10.8-1.mbs2.src.rpm 0a28d1c9c07909d488c7dabe92c47529 mbs2/SRPMS/nss-3.17.4-1.mbs2.src.rpm 10dcc357bb0bbdc22e7dd308074d037b mbs2/SRPMS/rootcerts-20141117.00-1.mbs2.src.rpm df412cc892bb40e1d7345079a25c0bbb mbs2/SRPMS/sqlite3-3.8.6-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVAvuLmqjQ0CJFipgRArOfAKDn7F7m/ZnJATspmFD0k083yGXQJwCdHAzw P1QqaGn3HFIH8gKR7XVcRAA= =ZF+9 -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.13.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.15"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.14"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.13.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.15.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "32.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "32.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.13"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.16"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.11"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.24"
},
{
"_id": null,
"model": "chrome",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.120"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.12"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.9"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.25"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.19"
},
{
"_id": null,
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "32.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.8"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.22"
},
{
"_id": null,
"model": "thunderbird",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "24.8.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.4"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.20"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.10"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.4"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.13"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "24.8.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.12"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.29"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.8"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.26"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.3"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.4.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.11"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.15"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.8"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.14"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.7"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.17"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.10.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.9"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.21"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.22.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.7"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.23"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.100"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.19"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "*"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.17"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.3.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.12.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.20"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.18"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.5"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.1"
},
{
"_id": null,
"model": "chrome",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.103"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.9"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.4"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.7.5"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.6.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.11.3"
},
{
"_id": null,
"model": "network security services",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.2.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.3.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.11"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.18"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.15.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.102"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.17.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.3"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.16.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.9"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.3.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.4.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.15.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.11"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "37.0.2062.124 earlier"
},
{
"_id": null,
"model": "chrome",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "os 37.0.2062.120 (platform version: 5978.98.1/5978.98.2) earlier"
},
{
"_id": null,
"model": "firefox",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "32.0.3 earlier"
},
{
"_id": null,
"model": "firefox esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "24.8.1 earlier"
},
{
"_id": null,
"model": "firefox esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "31.1.1 earlier"
},
{
"_id": null,
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.16.2.1 earlier"
},
{
"_id": null,
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.16.5 earlier"
},
{
"_id": null,
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.17.1 earlier"
},
{
"_id": null,
"model": "seamonkey",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "2.29.1 earlier"
},
{
"_id": null,
"model": "thunderbird",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "24.8.1 earlier"
},
{
"_id": null,
"model": "thunderbird",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "31.1.2 earlier"
},
{
"_id": null,
"model": "communications applications",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle communications messaging server 7.0.5.33.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle directory server enterprise edition 11.1.1.7"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle directory server enterprise edition 7.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle opensso 3.0-05"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle traffic director 11.1.1.7.0"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2.1.1"
},
{
"_id": null,
"model": "iplanet web proxy server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.0"
},
{
"_id": null,
"model": "iplanet web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "iplanet web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:firefox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:firefox_esr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:network_security_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:seamonkey",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:thunderbird",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_applications",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:glassfish_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:iplanet_web_proxy_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:iplanet_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "128390"
},
{
"db": "PACKETSTORM",
"id": "128391"
}
],
"trust": 0.2
},
"cve": "CVE-2014-1568",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1568",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.8,
"collateralDamagePotential": "HIGH",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "HIGH",
"enviromentalScore": 8.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1568",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-004409",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-69507",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1568",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-004409",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-965",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-69507",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-1568",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"description": {
"_id": null,
"data": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Mozilla Network Security Services (NSS) The library contains DigestInfo There is a problem with the processing of RSA A vulnerability exists that does not properly verify signatures. Mozilla Network Security Services (NSS) Implemented by the library DigestInfo There is a vulnerability in the processing of. BER Encoded DigestInfo When parsing a field, the parsing of padded bytes is bypassed, PKCS#1 v1.5 Formal RSA Signature forgery may not be detected (CWE-295) . CWE-295: Improper Certificate Validation http://cwe.mitre.org/data/definitions/295.html This vulnerability 2006 Announced in the year Bleichenbacher vulnerability It is a kind of. Bleichenbacher vulnerability http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html Mozilla NSS Is plural Linux Distributions and packages, and Google Chrome And Google Chrome OS It is used in etc. Other vulnerable libraries and products may have similar vulnerable implementations.SSL Certificate etc. RSA The signature may be forged. The vulnerability is caused by the program not correctly parsing ASN.1 values \u200b\u200b\u200b\u200bin X.509 certificates. ============================================================================\nUbuntu Security Notice USN-2360-2\nSeptember 24, 2014\n\nthunderbird vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nFraudulent security certificates could allow sensitive information to\nbe exposed when accessing the Internet. \n\nSoftware Description:\n- thunderbird: Mozilla Open Source mail and newsgroup client\n\nDetails:\n\nUSN-2360-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding updates for Thunderbird. \n\nOriginal advisory details:\n\n Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled\n parsing ASN.1 values. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n thunderbird 1:31.1.2+build1-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n thunderbird 1:31.1.2+build1-0ubuntu0.12.04.1\n\nAfter a standard system update you need to restart Thunderbird to make\nall the necessary changes. \n\nFor the testing distribution (jessie) and unstable distribution (sid),\nIcedove uses the system NSS library, handled in DSA 3033-1. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1+deb7u2. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2:3.17.1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.17.1. \n\nWe recommend that you upgrade your nss packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: rhev-hypervisor6 security update\nAdvisory ID: RHSA-2014:1354-01\nProduct: Red Hat Enterprise Virtualization\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1354.html\nIssue date: 2014-10-02\nCVE Names: CVE-2014-1568 CVE-2014-6271 CVE-2014-7169 \n CVE-2014-7186 CVE-2014-7187 \n=====================================================================\n\n1. Summary:\n\nAn updated rhev-hypervisor6 package that fixes several security issues is\nnow available. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV-M 3.4 - noarch\n\n3. Description:\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. \n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. Certain services\nand applications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue. (CVE-2014-6271)\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still\nallowed certain characters to be injected into other environments via\nspecially crafted environment variables. An attacker could potentially use\nthis flaw to override or bypass environment restrictions to execute shell\ncommands. Certain services and applications allow remote unauthenticated\nattackers to provide environment variables, allowing them to exploit this\nissue. (CVE-2014-7169)\n\nA flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)\ninput from certain RSA signatures. (CVE-2014-1568)\n\nIt was discovered that the fixed-sized redir_stack could be forced to\noverflow in the Bash parser, resulting in memory corruption, and possibly\nleading to arbitrary code execution when evaluating untrusted input that\nwould not otherwise be run as code. (CVE-2014-7186)\n\nAn off-by-one error was discovered in the way Bash was handling deeply\nnested flow control constructs. Depending on the layout of the .bss\nsegment, this could allow arbitrary execution of code that would not\notherwise be executed by Bash. (CVE-2014-7187)\n\nRed Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271,\nand the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges\nAntoine Delignat-Lavaud and Intel Product Security Incident Response Team\nas the original reporters of CVE-2014-1568. The CVE-2014-7186 and\nCVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product\nSecurity. \n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package. \n\n4. Solution:\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht\nml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente\nrprise_Virtualization_Hypervisors.html\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands\n1145429 - CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)\n1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)\n1146791 - CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack\n1146804 - CVE-2014-7187 bash: off-by-one error in deeply nested flow control constructs\n\n6. Package List:\n\nRHEV-M 3.4:\n\nSource:\nrhev-hypervisor6-6.5-20140930.1.el6ev.src.rpm\n\nnoarch:\nrhev-hypervisor6-6.5-20140930.1.el6ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-1568.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-6271.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-7169.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-7186.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-7187.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFULad7XlSAg2UNWIIRArccAJ95pkvG2fyfrI6g4Ve/+fAdnbQq2QCffmYR\nIH3VLRMcNTi5Gr1GmWlBiFg=\n=DD5a\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:059\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : nss\n Date : March 13, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in the Mozilla\n NSS and NSPR packages:\n \n The cert_TestHostName function in lib/certdb/certdb.c in the\n certificate-checking implementation in Mozilla Network Security\n Services (NSS) before 3.16 accepts a wildcard character that is\n embedded in an internationalized domain name\u0026#039;s U-label, which might\n allow man-in-the-middle attackers to spoof SSL servers via a crafted\n certificate (CVE-2014-1492). \n \n Use-after-free vulnerability in the CERT_DestroyCertificate function\n in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used\n in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird\n before 24.7, allows remote attackers to execute arbitrary code via\n vectors that trigger certain improper removal of an NSSCertificate\n structure from a trust domain (CVE-2014-1544). \n \n The definite_length_decoder function in lib/util/quickder.c in\n Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x\n before 3.17.3 does not ensure that the DER encoding of an ASN.1\n length is properly formed, which allows remote attackers to conduct\n data-smuggling attacks by using a long byte sequence for an encoding,\n as demonstrated by the SEC_QuickDERDecodeItem function\u0026#039;s improper\n handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569). \n \n Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote\n attackers to execute arbitrary code or cause a denial of service\n (out-of-bounds write) via vectors involving the sprintf and console\n functions (CVE-2014-1545). \n \n The sqlite3 packages have been upgraded to the 3.8.6 version due to\n an prerequisite to nss-3.17.x. \n \n Additionally the rootcerts package has also been updated to the\n latest version as of 2014-11-17, which adds, removes, and distrusts\n several certificates. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.2_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes\n https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes\n https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 2aea53da7622f23ec03faa5605d9672c mbs2/x86_64/lemon-3.8.6-1.mbs2.x86_64.rpm\n 68cc94d4a95146583d8a6b2849759614 mbs2/x86_64/lib64nspr4-4.10.8-1.mbs2.x86_64.rpm\n a6ffe2ebe6de847b6227c8c4c2cb4ba4 mbs2/x86_64/lib64nspr-devel-4.10.8-1.mbs2.x86_64.rpm\n 78ba63e6a21b897abac8e4b0e975470d mbs2/x86_64/lib64nss3-3.17.4-1.mbs2.x86_64.rpm\n aacf8b1f144a7044e77abc5d0be72a7b mbs2/x86_64/lib64nss-devel-3.17.4-1.mbs2.x86_64.rpm\n 6afff220f7fa93dede0486b76155ae44 mbs2/x86_64/lib64nss-static-devel-3.17.4-1.mbs2.x86_64.rpm\n 63ffb7675dc414a52a4647f5ed302e3c mbs2/x86_64/lib64sqlite3_0-3.8.6-1.mbs2.x86_64.rpm\n cfefad1ef4f83cceeeb34a4f2ffca442 mbs2/x86_64/lib64sqlite3-devel-3.8.6-1.mbs2.x86_64.rpm\n e976251ee0ae5c2b2a2f6a163b693e85 mbs2/x86_64/lib64sqlite3-static-devel-3.8.6-1.mbs2.x86_64.rpm\n 42018611a17d2b6480b63f0a968a796d mbs2/x86_64/nss-3.17.4-1.mbs2.x86_64.rpm\n b955454c30e482635944134eb02456e4 mbs2/x86_64/nss-doc-3.17.4-1.mbs2.noarch.rpm\n 3058267964146b7806c493ff536da63d mbs2/x86_64/rootcerts-20141117.00-1.mbs2.x86_64.rpm\n 18fc28f1ae18ddd5fe01acb77811d0e6 mbs2/x86_64/rootcerts-java-20141117.00-1.mbs2.x86_64.rpm\n 200f6a413d13d850ea084a9e42c4fc23 mbs2/x86_64/sqlite3-tcl-3.8.6-1.mbs2.x86_64.rpm\n 8c88a446098d21cf2675173e32a208e6 mbs2/x86_64/sqlite3-tools-3.8.6-1.mbs2.x86_64.rpm \n 2e494a940c3189617ff62bc15a2b14fb mbs2/SRPMS/nspr-4.10.8-1.mbs2.src.rpm\n 0a28d1c9c07909d488c7dabe92c47529 mbs2/SRPMS/nss-3.17.4-1.mbs2.src.rpm\n 10dcc357bb0bbdc22e7dd308074d037b mbs2/SRPMS/rootcerts-20141117.00-1.mbs2.src.rpm\n df412cc892bb40e1d7345079a25c0bbb mbs2/SRPMS/sqlite3-3.8.6-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVAvuLmqjQ0CJFipgRArOfAKDn7F7m/ZnJATspmFD0k083yGXQJwCdHAzw\nP1QqaGn3HFIH8gKR7XVcRAA=\n=ZF+9\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1568"
},
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128390"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128400"
},
{
"db": "PACKETSTORM",
"id": "128537"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
}
],
"trust": 3.06
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/772676",
"trust": 0.8,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-69507",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-1568",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#772676",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10761",
"trust": 1.2
},
{
"db": "JUNIPER",
"id": "JSA10698",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61540",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61575",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61583",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61574",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61576",
"trust": 1.2
},
{
"db": "BID",
"id": "70116",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94190107",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "128537",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128391",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128390",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128629",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128400",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128471",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128389",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128404",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128438",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69507",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130825",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128390"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128400"
},
{
"db": "PACKETSTORM",
"id": "128537"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
},
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"id": "VAR-201409-0340",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69507"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:03:47.944000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Stable Channel Update",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update_24.html"
},
{
"title": "Stable Channel Update for Chrome OS",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"title": "bug#1069405",
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"title": "bug#1064636 ",
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"title": "Network Security Services ",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
},
{
"title": "NSS Releases",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
},
{
"title": "Mozilla Foundation \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2014-73",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2014/mfsa2014-73.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixEM"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "RHSA-2014:1307",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1307.html"
},
{
"title": "RHSA-2014:1371",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1371.html"
},
{
"title": "RHSA-2014:1354",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1354.html"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "January 2015 Critical Patch Update Released ",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "JSA10698",
"trust": 0.8,
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698\u0026actp=search"
},
{
"title": "37.0.2062.124_chrome_installer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54762"
},
{
"title": "nss-3.16.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54742"
},
{
"title": "firefox-32.0.3.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54746"
},
{
"title": "Firefox Setup 31.1.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54750"
},
{
"title": "Thunderbird 24.8.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54754"
},
{
"title": "thunderbird-31.1.2.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54758"
},
{
"title": "nss-3.16.2.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54741"
},
{
"title": "Firefox 32.0.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54745"
},
{
"title": "firefox-24.8.1esr.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54749"
},
{
"title": "Thunderbird Setup 24.8.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54753"
},
{
"title": "Thunderbird 31.1.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54757"
},
{
"title": "seamonkey-2.29.1.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54761"
},
{
"title": "Firefox Setup 32.0.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54744"
},
{
"title": "Firefox 24.8.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54748"
},
{
"title": "firefox-31.1.1esr.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54752"
},
{
"title": "Thunderbird Setup 31.1.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54756"
},
{
"title": "SeaMonkey 2.29.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54760"
},
{
"title": "nss-3.17.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54743"
},
{
"title": "Firefox Setup 24.8.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54747"
},
{
"title": "Firefox 31.1.1esr",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54751"
},
{
"title": "thunderbird-24.8.1.source",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54755"
},
{
"title": "SeaMonkey Setup 2.29.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54759"
},
{
"title": "37.0.2062.120_chrome_installer_win64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54763"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2361-1"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2360-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2360-1"
},
{
"title": "Debian Security Advisories: DSA-3037-1 icedove -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0cdafb45f65b45c32ba28a252cf69aca"
},
{
"title": "Debian Security Advisories: DSA-3033-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=95a616cbe615a00b3319e7f0c0cc52a9"
},
{
"title": "Debian Security Advisories: DSA-3034-1 iceweasel -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0b8977bbd67dd6b7595c4a471981c654"
},
{
"title": "Amazon Linux AMI: ALAS-2014-422",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-422"
},
{
"title": "Amazon Linux AMI: ALAS-2014-423",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-423"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2014-73",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2014-73"
},
{
"title": "Amazon Linux AMI: ALAS-2014-424",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-424"
},
{
"title": "Red Hat: CVE-2014-1568",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-1568"
},
{
"title": "Symantec Security Advisories: SA84 : BERserk NSS Signature Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f467357487965e566960830bb4f9f807"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
},
{
"title": "Publications",
"trust": 0.1,
"url": "https://github.com/abazhaniuk/Publications "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
},
{
"trust": 2.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
},
{
"trust": 2.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/772676"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
},
{
"trust": 1.8,
"url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
},
{
"trust": 1.6,
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html"
},
{
"trust": 1.4,
"url": "http://www.ubuntu.com/usn/usn-2360-1"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1354.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1371.html"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2360-2"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/70116"
},
{
"trust": 1.2,
"url": "http://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2014/dsa-3033"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2014/dsa-3034"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2014/dsa-3037"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1307.html"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61540"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61574"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61575"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61576"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/61583"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2361-1"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1568"
},
{
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss"
},
{
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_releases"
},
{
"trust": 0.8,
"url": "https://www.ietf.org/rfc/rfc2313.txt"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pkcs#1"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94190107/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1568"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc2313"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1568"
},
{
"trust": 0.4,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1568.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10761"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2361-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-1568"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:31.1.2+build1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:31.1.2+build1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-7169.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-7186.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-7187.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/ht"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-6271.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1492"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16.2_release_notes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1492"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.2_release_notes"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2014-55/"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.1_release_notes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1569"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16_release_notes"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16.1_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.3_release_notes"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.16.3_release_notes"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1569"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1545"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.17.4_release_notes"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1544"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
},
{
"db": "VULHUB",
"id": "VHN-69507"
},
{
"db": "VULMON",
"id": "CVE-2014-1568"
},
{
"db": "PACKETSTORM",
"id": "128390"
},
{
"db": "PACKETSTORM",
"id": "128471"
},
{
"db": "PACKETSTORM",
"id": "128400"
},
{
"db": "PACKETSTORM",
"id": "128537"
},
{
"db": "PACKETSTORM",
"id": "130825"
},
{
"db": "PACKETSTORM",
"id": "128391"
},
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409"
},
{
"db": "NVD",
"id": "CVE-2014-1568"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#772676",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-69507",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2014-1568",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128390",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128471",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128400",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128537",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130825",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128391",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128629",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004409",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-1568",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-09-24T00:00:00",
"db": "CERT/CC",
"id": "VU#772676",
"ident": null
},
{
"date": "2014-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-69507",
"ident": null
},
{
"date": "2014-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1568",
"ident": null
},
{
"date": "2014-09-25T00:06:20",
"db": "PACKETSTORM",
"id": "128390",
"ident": null
},
{
"date": "2014-09-30T00:19:30",
"db": "PACKETSTORM",
"id": "128471",
"ident": null
},
{
"date": "2014-09-25T15:11:43",
"db": "PACKETSTORM",
"id": "128400",
"ident": null
},
{
"date": "2014-10-03T00:57:40",
"db": "PACKETSTORM",
"id": "128537",
"ident": null
},
{
"date": "2015-03-16T15:40:11",
"db": "PACKETSTORM",
"id": "130825",
"ident": null
},
{
"date": "2014-09-25T00:06:28",
"db": "PACKETSTORM",
"id": "128391",
"ident": null
},
{
"date": "2014-10-10T23:23:00",
"db": "PACKETSTORM",
"id": "128629",
"ident": null
},
{
"date": "2014-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-965",
"ident": null
},
{
"date": "2014-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004409",
"ident": null
},
{
"date": "2014-09-25T17:55:04.387000",
"db": "NVD",
"id": "CVE-2014-1568",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-09-24T00:00:00",
"db": "CERT/CC",
"id": "VU#772676",
"ident": null
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-69507",
"ident": null
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1568",
"ident": null
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-965",
"ident": null
},
{
"date": "2015-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004409",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-1568",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "128537"
},
{
"db": "PACKETSTORM",
"id": "128629"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Mozilla Network Security Services (NSS) fails to properly verify RSA signatures",
"sources": [
{
"db": "CERT/CC",
"id": "VU#772676"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-965"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…