Back to search
CVE-2014-1491
Published: Feb 6, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-2119-1
vendor-advisory
x_refsource_UBUNTU
1029721
vdb-entry
x_refsource_SECTRACK
http://hg.mozilla.org/projects/nss/rev/12c42006aed8
x_refsource_CONFIRM
openSUSE-SU-2014:0212
vendor-advisory
x_refsource_SUSE
firefox-nss-cve20141491-unspecified(90886)
vdb-entry
x_refsource_XF
1029717
vdb-entry
x_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
x_refsource_CONFIRM
DSA-2994
vendor-advisory
x_refsource_DEBIAN
65332
vdb-entry
x_refsource_BID
56922
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=934545
x_refsource_CONFIRM
1029720
vdb-entry
x_refsource_SECTRACK
56858
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
x_refsource_CONFIRM
DSA-2858
vendor-advisory
x_refsource_DEBIAN
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_BUGTRAQ
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
USN-2102-2
vendor-advisory
x_refsource_UBUNTU
GLSA-201504-01
vendor-advisory
x_refsource_GENTOO
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_FULLDISC
56888
third-party-advisory
x_refsource_SECUNIA
FEDORA-2014-2083
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2014:0419
vendor-advisory
x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
x_refsource_CONFIRM
FEDORA-2014-2041
vendor-advisory
x_refsource_FEDORA
SUSE-SU-2014:0248
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2014:0213
vendor-advisory
x_refsource_SUSE
USN-2102-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now