CVE-2014-1544

Published: 23/07/2014 Updated: 07/01/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox prior to 31.0, Firefox ESR 24.x prior to 24.7, and Thunderbird prior to 24.7, allows remote malicious users to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

Vulnerable Product

mozilla firefox esr 24.6

mozilla thunderbird

mozilla thunderbird 24.3

mozilla thunderbird 24.4

mozilla firefox esr 24.3

mozilla firefox esr 24.4

mozilla network security services 3.12.1

mozilla network security services 3.12.10

mozilla network security services 3.12.5

mozilla network security services 3.12.6

mozilla network security services 3.14.3

mozilla network security services 3.14.4

mozilla network security services 3.15.5

mozilla network security services 3.16

mozilla network security services 3.4.1

mozilla network security services 3.4.2

mozilla network security services 3.7.3

mozilla network security services 3.7.5

mozilla thunderbird 24.0.1

mozilla thunderbird 24.1

mozilla firefox esr 24.0.2

mozilla firefox esr 24.1.0

mozilla network security services 3.11.2

mozilla network security services 3.11.3

mozilla network security services 3.11.4

mozilla network security services 3.12.3

mozilla network security services 3.12.3.1

mozilla network security services 3.12.9

mozilla network security services 3.14

mozilla network security services 3.15.1

mozilla network security services 3.15.2

mozilla network security services 3.15.3

mozilla network security services 3.3

mozilla network security services 3.3.1

mozilla network security services 3.6.1

mozilla network security services 3.7

mozilla thunderbird 24.5

mozilla thunderbird 24.0

mozilla firefox esr 24.0

mozilla firefox esr 24.0.1

mozilla firefox esr 24.5

mozilla firefox

mozilla network security services 3.12.11

mozilla network security services 3.12.2

mozilla network security services 3.12.7

mozilla network security services 3.12.8

mozilla network security services 3.14.5

mozilla network security services 3.15

mozilla network security services 3.2

mozilla network security services 3.2.1

mozilla network security services 3.5

mozilla network security services 3.6

mozilla network security services 3.7.7

mozilla network security services 3.8

mozilla network security services 3.9

mozilla thunderbird 24.1.1

mozilla thunderbird 24.2

mozilla firefox esr 24.1.1

mozilla firefox esr 24.2

mozilla network security services 3.11.5

mozilla network security services 3.12

mozilla network security services 3.12.3.2

mozilla network security services 3.12.4

mozilla network security services 3.14.1

mozilla network security services 3.14.2

mozilla network security services 3.15.3.1

mozilla network security services 3.15.4

mozilla network security services 3.3.2

mozilla network security services 3.4

mozilla network security services 3.7.1

mozilla network security services 3.7.2

Vendor Advisories

Firefox could be made to crash or run programs as your login if it opened a malicious website ...
NSS could be made to crash or run programs as your login if it processed a specially crafted certificate ...
Several security issues were fixed in Thunderbird ...
In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain. F ...
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. For the stable distribution (wheezy), these problems have been fixed in version 24.7.0-1~deb7u1. For the unstable d ...
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structu ...
Mozilla Foundation Security Advisory 2014-63: Use-after-free while when manipulating certificates in the trusted cache. Announced: July 22, 2014. Reporter: Tyson Smith, Jesse Schwartzentruber. Impact: High. Products: Firefox, Firefox ...