Vulnerability in Mozilla Firefox
CVE-2014-1491
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Di…
EPSS: 0.005 (67.5th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox
- Mozilla Network_security_services
- Mozilla Seamonkey
- Mozilla Thunderbird
- Oracle Enterprise_manager_ops_center — versions 12.2.0, 12.2.1, 12.3.0
- Oracle Vm_server — versions 3.2
- Canonical Ubuntu_linux — versions 12.04, 12.10, 13.10
- Debian Debian_linux — versions 7.0, 8.0
- Fedoraproject Fedora — versions 19, 20
- Opensuse — versions 11.4, 12.3, 13.1
Weakness classification (CWE)
References
- USN-2119-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- 1029721 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- security@mozilla.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- openSUSE-SU-2014:0212 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- firefox-nss-cve20141491-unspecified(90886) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- 1029717 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- security@mozilla.org (x_refsource_CONFIRM, Not Applicable)
- DSA-2994 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- 65332 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)