QwikSec

Security Database

CVE

CWE

Training

CVE-2014-1568

Published: Sep 25, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT-VN

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

mozilla-nss-cve20141568-sec-bypass(96194)

vdb-entry

x_refsource_XF

http://www.novell.com/support/kb/doc.php?id=7015701

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.mozilla.org/show_bug.cgi?id=1069405

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1064636

x_refsource_CONFIRM

SUSE-SU-2014:1220

vendor-advisory

x_refsource_SUSE

http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

x_refsource_CONFIRM

http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_DEBIAN

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2014:1224

vendor-advisory

x_refsource_SUSE

http://www.mozilla.org/security/announce/2014/mfsa2014-73.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2014:1232

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.