Vulnerability in Mozilla Firefox
CVE-2014-1544
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote att…
EPSS: 0.033 (87.4th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 24.0, 24.0.1, 24.0.2
- Mozilla Firefox_esr — versions 24.2, 24.3, 24.4
- Mozilla Network_security_services — versions 3.2, 3.2.1, 3.3
- Mozilla Thunderbird — versions 24.0, 24.0.1, 24.1
- N/a — versions n/a
References
- security@mozilla.org (x_refsource_CONFIRM)
- 59719 (x_refsource_SECUNIA, third-party-advisory)
- 60083 (x_refsource_SECUNIA, third-party-advisory)
- 68816 (vdb-entry, x_refsource_BID)
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- 60621 (x_refsource_SECUNIA, third-party-advisory)
- GLSA-201504-01 (vendor-advisory, x_refsource_GENTOO)
- security@mozilla.org (x_refsource_CONFIRM)
- 1030617 (vdb-entry, x_refsource_SECTRACK)
- DSA-2996 (vendor-advisory, x_refsource_DEBIAN)