Mozilla Foundation Security Advisory 2014-12
NSS ticket handling issues
- Announced
- February 4, 2014
- Reporter
- Brian Smith, Antoine Delignat-Lavaud, Karthikeyan Bhargavan
- Impact
- High
- Products
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
-
- Firefox 27
- Firefox ESR 24.3
- SeaMonkey 2.24
- Thunderbird 24.3
Description
Mozilla developer Brian Smith and security researchers
Antoine Delignat-Lavaud and Karthikeyan
Bhargavan of the Prosecco research team at INRIA Paris reported issues
with ticket handling in the Network Security Services (NSS) libraries. These
have been addressed in the NSS 3.15.4 release, shipping on affected platforms.
References