The crypto.generateCRMFRequest method in Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25 does not properly validate a certain key type, which allows remote malicious users to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse linux enterprise server 11 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise software development kit 11 |
||
oracle solaris 11.3 |
||
opensuse opensuse 13.1 |
||
opensuse project opensuse 12.3 |
||
opensuse project opensuse 11.4 |
||
mozilla seamonkey |
||
mozilla firefox |