CVE-2014-1491 (GCVE-0-2014-1491)

Vulnerability from cvelistv5 – Published: 2014-02-06 02:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.ubuntu.com/usn/USN-2119-1 vendor-advisoryx_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.securitytracker.com/id/1029721 vdb-entryx_refsource_SECTRACK
http://hg.mozilla.org/projects/nss/rev/12c42006aed8 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securitytracker.com/id/1029717 vdb-entryx_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2994 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/65332 vdb-entryx_refsource_BID
http://secunia.com/advisories/56922 third-party-advisoryx_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=934545 x_refsource_CONFIRM
http://www.securitytracker.com/id/1029720 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/56858 third-party-advisoryx_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2858 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/archive/1/534161/100… mailing-listx_refsource_BUGTRAQ
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2102-2 vendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/201504-01 vendor-advisoryx_refsource_GENTOO
http://www.mozilla.org/security/announce/2014/mfs… x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=conte… x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Dec/23 mailing-listx_refsource_FULLDISC
http://secunia.com/advisories/56888 third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-2102-1 vendor-advisoryx_refsource_UBUNTU
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:36.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2119-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2119-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "1029721",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
          },
          {
            "name": "openSUSE-SU-2014:0212",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
          },
          {
            "name": "firefox-nss-cve20141491-unspecified(90886)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
          },
          {
            "name": "1029717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "DSA-2994",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2994"
          },
          {
            "name": "65332",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65332"
          },
          {
            "name": "56922",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56922"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
          },
          {
            "name": "1029720",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029720"
          },
          {
            "name": "56858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56858"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "DSA-2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2858"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "USN-2102-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2102-2"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "56888",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56888"
          },
          {
            "name": "FEDORA-2014-2083",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
          },
          {
            "name": "openSUSE-SU-2014:0419",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "name": "FEDORA-2014-2041",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
          },
          {
            "name": "SUSE-SU-2014:0248",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2014:0213",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
          },
          {
            "name": "USN-2102-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2102-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "USN-2119-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2119-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "1029721",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
        },
        {
          "name": "openSUSE-SU-2014:0212",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
        },
        {
          "name": "firefox-nss-cve20141491-unspecified(90886)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
        },
        {
          "name": "1029717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "DSA-2994",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2994"
        },
        {
          "name": "65332",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65332"
        },
        {
          "name": "56922",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56922"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
        },
        {
          "name": "1029720",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029720"
        },
        {
          "name": "56858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56858"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "DSA-2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2858"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "USN-2102-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2102-2"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "56888",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56888"
        },
        {
          "name": "FEDORA-2014-2083",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
        },
        {
          "name": "openSUSE-SU-2014:0419",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "name": "FEDORA-2014-2041",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
        },
        {
          "name": "SUSE-SU-2014:0248",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2014:0213",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
        },
        {
          "name": "USN-2102-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2102-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1491",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2119-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2119-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "1029721",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029721"
            },
            {
              "name": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8",
              "refsource": "CONFIRM",
              "url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8"
            },
            {
              "name": "openSUSE-SU-2014:0212",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
            },
            {
              "name": "firefox-nss-cve20141491-unspecified(90886)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886"
            },
            {
              "name": "1029717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029717"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "DSA-2994",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2994"
            },
            {
              "name": "65332",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65332"
            },
            {
              "name": "56922",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56922"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545"
            },
            {
              "name": "1029720",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029720"
            },
            {
              "name": "56858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56858"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "DSA-2858",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2858"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "USN-2102-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2102-2"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "56888",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56888"
            },
            {
              "name": "FEDORA-2014-2083",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
            },
            {
              "name": "openSUSE-SU-2014:0419",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "FEDORA-2014-2041",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
            },
            {
              "name": "SUSE-SU-2014:0248",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2014:0213",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
            },
            {
              "name": "USN-2102-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2102-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-1491",
    "datePublished": "2014-02-06T02:00:00",
    "dateReserved": "2014-01-16T00:00:00",
    "dateUpdated": "2024-08-06T09:42:36.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"27.0\", \"matchCriteriaId\": \"86B3B84A-9D1F-4863-987C-5C958B05C523\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"24.3\", \"matchCriteriaId\": \"61098C94-A0E8-4993-8368-9E9900BAB49D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.15.4\", \"matchCriteriaId\": \"ACA8EEC7-FACD-41E8-AF9F-F8DB0D477D8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.24\", \"matchCriteriaId\": \"328319A6-42EE-408E-91A8-87156C17AE46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"24.3.0\", \"matchCriteriaId\": \"C4295262-F0E0-4E6B-A01C-C7BF51CB011E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.1.4\", \"matchCriteriaId\": \"A70BB445-EF2B-4C9D-8502-FDD6A19F8C30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4725EA61-9BAB-4E72-9F92-ADE4624439CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0879FB1-58E2-4EC4-8111-044642E046BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7CF2929-4CBC-4B56-87AE-F45F53BD8DD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5991814D-CA77-4C25-90D2-DB542B17E0AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE554781-1EB9-446E-911F-6C11970C47F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFBF430B-0832-44B0-AA0E-BA9E467F7668\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ED68ADD-BBDA-4485-BC76-58F011D72311\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B072472-B463-4647-885D-E40B0115C810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*\", \"matchCriteriaId\": \"2470C6E8-2024-4CF5-9982-CFF50E88EAE9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F7F8866-DEAD-44D1-AB10-21EE611AA026\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"8D305F7A-D159-4716-AB26-5E38BB5CD991\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2076871-2E80-4605-A470-A41C1A8EC7EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F61F047-129C-41A6-8A27-FFCBB8563E91\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.\"}, {\"lang\": \"es\", \"value\": \"Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3, SeaMonkey anterior a 2.24 y otros productos, no restringe debidamente los valores p\\u00fablicos en el intercambio de claves de Diffie-Hellman, lo que facilita a atacantes remotos evadir mecanismos de protecci\\u00f3n criptogr\\u00e1fica en el manejo de tickets mediante el aprovechamiento de un cierto valor.\"}]",
      "id": "CVE-2014-1491",
      "lastModified": "2024-11-21T02:04:23.477",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-02-06T05:44:25.127",
      "references": "[{\"url\": \"http://hg.mozilla.org/projects/nss/rev/12c42006aed8\", \"source\": \"security@mozilla.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Dec/23\", \"source\": \"security@mozilla.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/56858\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/56888\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/56922\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2858\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2994\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mozilla.org/security/announce/2014/mfsa2014-12.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/534161/100/0/threaded\", \"source\": \"security@mozilla.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.securityfocus.com/bid/65332\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029717\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029720\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029721\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2102-1\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2102-2\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2119-1\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=934545\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90886\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/201504-01\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://hg.mozilla.org/projects/nss/rev/12c42006aed8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Dec/23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/56858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/56888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/56922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2994\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mozilla.org/security/announce/2014/mfsa2014-12.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/534161/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.securityfocus.com/bid/65332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2102-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2102-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2119-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=934545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90886\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/201504-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-326\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1491\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2014-02-06T05:44:25.127\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.\"},{\"lang\":\"es\",\"value\":\"Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3, SeaMonkey anterior a 2.24 y otros productos, no restringe debidamente los valores p\u00fablicos en el intercambio de claves de Diffie-Hellman, lo que facilita a atacantes remotos evadir mecanismos de protecci\u00f3n criptogr\u00e1fica en el manejo de tickets mediante el aprovechamiento de un cierto valor.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.3\",\"matchCriteriaId\":\"560AF297-E823-4299-8EF1-6BC886589A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"27.0\",\"matchCriteriaId\":\"86B3B84A-9D1F-4863-987C-5C958B05C523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.15.4\",\"matchCriteriaId\":\"ACA8EEC7-FACD-41E8-AF9F-F8DB0D477D8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.24\",\"matchCriteriaId\":\"328319A6-42EE-408E-91A8-87156C17AE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.3.0\",\"matchCriteriaId\":\"C4295262-F0E0-4E6B-A01C-C7BF51CB011E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.1.4\",\"matchCriteriaId\":\"A70BB445-EF2B-4C9D-8502-FDD6A19F8C30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4725EA61-9BAB-4E72-9F92-ADE4624439CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0879FB1-58E2-4EC4-8111-044642E046BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7CF2929-4CBC-4B56-87AE-F45F53BD8DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5991814D-CA77-4C25-90D2-DB542B17E0AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE554781-1EB9-446E-911F-6C11970C47F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFBF430B-0832-44B0-AA0E-BA9E467F7668\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ED68ADD-BBDA-4485-BC76-58F011D72311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B072472-B463-4647-885D-E40B0115C810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*\",\"matchCriteriaId\":\"2470C6E8-2024-4CF5-9982-CFF50E88EAE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F7F8866-DEAD-44D1-AB10-21EE611AA026\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F61F047-129C-41A6-8A27-FFCBB8563E91\"}]}]}],\"references\":[{\"url\":\"http://hg.mozilla.org/projects/nss/rev/12c42006aed8\",\"source\":\"security@mozilla.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"security@mozilla.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/56858\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/56888\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/56922\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2858\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2994\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mozilla.org/security/announce/2014/mfsa2014-12.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"security@mozilla.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.securityfocus.com/bid/65332\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029717\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029720\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029721\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2102-1\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2102-2\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2119-1\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=934545\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90886\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-01\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://hg.mozilla.org/projects/nss/rev/12c42006aed8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/56858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/56888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/56922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mozilla.org/security/announce/2014/mfsa2014-12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.securityfocus.com/bid/65332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2102-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2102-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2119-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=934545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.