Vulnerability in Mozilla Firefox

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote atta…

Vulnerability class: Race Condition

EPSS: 0.016 (81.9th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox
Mozilla Network_security_services
Mozilla Seamonkey
Mozilla Thunderbird
Oracle Enterprise_manager_ops_center — versions 12.2.0, 12.2.1, 12.3.0
Oracle Vm_server — versions 3.2
Canonical Ubuntu_linux — versions 12.04, 12.10, 13.10
Debian Debian_linux — versions 7.0
Fedoraproject Fedora — versions 19, 20
Opensuse — versions 11.4, 12.3, 13.1

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

USN-2119-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
65335 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1029721 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2014:0212 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
1029717 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
security@mozilla.org (x_refsource_CONFIRM, Not Applicable)
security@mozilla.org (x_refsource_CONFIRM, URL Repurposed, Broken Link)
56922 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
56787 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)