Vulnerability-Lookup

GHSA-7399-WC2P-9Q6P

Vulnerability from github – Published: 2022-05-17 01:27 – Updated: 2022-05-17 01:27

Details

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1568"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-25T17:55:00Z",
    "severity": "HIGH"
  },
  "details": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue.",
  "id": "GHSA-7399-wc2p-9q6p",
  "modified": "2022-05-17T01:27:11Z",
  "published": "2022-05-17T01:27:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1568"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61540"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61574"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61575"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61576"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61583"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3033"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3034"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3037"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/772676"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/kb/doc.php?id=7015701"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/70116"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2360-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2360-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2361-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-1568 (GCVE-0-2014-1568)

Vulnerability from cvelistv5 – Published: 2014-09-25 17:00 – Updated: 2024-08-06 09:42

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/772676	third-party-advisoryx_refsource_CERT-VN
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-1307.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/70116	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-2360-1	vendor-advisoryx_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.novell.com/support/kb/doc.php?id=7015701	x_refsource_CONFIRM
	http://secunia.com/advisories/61575	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.mozilla.org/show_bug.cgi?id=1069405	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1064636	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://googlechromereleases.blogspot.com/2014/09/…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2014/09/…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/61574	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-2361-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2014/dsa-3033	vendor-advisoryx_refsource_DEBIAN
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://www.debian.org/security/2014/dsa-3034	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2014-1371.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2014-1354.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2014/dsa-3037	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2360-2	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/61540	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/61576	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/61583	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:36.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "VU#772676",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/772676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
          },
          {
            "name": "RHSA-2014:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
          },
          {
            "name": "70116",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70116"
          },
          {
            "name": "USN-2360-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2360-1"
          },
          {
            "name": "mozilla-nss-cve20141568-sec-bypass(96194)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7015701"
          },
          {
            "name": "61575",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61575"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
          },
          {
            "name": "SUSE-SU-2014:1220",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "61574",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61574"
          },
          {
            "name": "USN-2361-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2361-1"
          },
          {
            "name": "DSA-3033",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3033"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "DSA-3034",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3034"
          },
          {
            "name": "RHSA-2014:1371",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
          },
          {
            "name": "RHSA-2014:1354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
          },
          {
            "name": "DSA-3037",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3037"
          },
          {
            "name": "openSUSE-SU-2014:1224",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
          },
          {
            "name": "USN-2360-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2360-2"
          },
          {
            "name": "61540",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61540"
          },
          {
            "name": "61576",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61576"
          },
          {
            "name": "openSUSE-SU-2014:1232",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
          },
          {
            "name": "61583",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61583"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "VU#772676",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/772676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
        },
        {
          "name": "RHSA-2014:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
        },
        {
          "name": "70116",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70116"
        },
        {
          "name": "USN-2360-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2360-1"
        },
        {
          "name": "mozilla-nss-cve20141568-sec-bypass(96194)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7015701"
        },
        {
          "name": "61575",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61575"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
        },
        {
          "name": "SUSE-SU-2014:1220",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "61574",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61574"
        },
        {
          "name": "USN-2361-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2361-1"
        },
        {
          "name": "DSA-3033",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3033"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "DSA-3034",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3034"
        },
        {
          "name": "RHSA-2014:1371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
        },
        {
          "name": "RHSA-2014:1354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
        },
        {
          "name": "DSA-3037",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3037"
        },
        {
          "name": "openSUSE-SU-2014:1224",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
        },
        {
          "name": "USN-2360-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2360-2"
        },
        {
          "name": "61540",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61540"
        },
        {
          "name": "61576",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61576"
        },
        {
          "name": "openSUSE-SU-2014:1232",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
        },
        {
          "name": "61583",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61583"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "VU#772676",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/772676"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
            },
            {
              "name": "RHSA-2014:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1307.html"
            },
            {
              "name": "70116",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70116"
            },
            {
              "name": "USN-2360-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2360-1"
            },
            {
              "name": "mozilla-nss-cve20141568-sec-bypass(96194)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96194"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7015701",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7015701"
            },
            {
              "name": "61575",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61575"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1069405"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064636"
            },
            {
              "name": "SUSE-SU-2014:1220",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "61574",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61574"
            },
            {
              "name": "USN-2361-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2361-1"
            },
            {
              "name": "DSA-3033",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3033"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "DSA-3034",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3034"
            },
            {
              "name": "RHSA-2014:1371",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1371.html"
            },
            {
              "name": "RHSA-2014:1354",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html"
            },
            {
              "name": "DSA-3037",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3037"
            },
            {
              "name": "openSUSE-SU-2014:1224",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
            },
            {
              "name": "USN-2360-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2360-2"
            },
            {
              "name": "61540",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61540"
            },
            {
              "name": "61576",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61576"
            },
            {
              "name": "openSUSE-SU-2014:1232",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html"
            },
            {
              "name": "61583",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61583"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-1568",
    "datePublished": "2014-09-25T17:00:00",
    "dateReserved": "2014-01-16T00:00:00",
    "dateUpdated": "2024-08-06T09:42:36.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-7399-WC2P-9Q6P

CVE-2014-1568 (GCVE-0-2014-1568)

Tags

Sightings

Nomenclature