CVE-2014-1568

Published: 25/09/2014 | Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Mozilla Network Security Services (NSS) prior to 3.16.2.1, 3.16.x prior to 3.16.5, and 3.17.x prior to 3.17.1, as used in Mozilla Firefox prior to 32.0.3, Mozilla Firefox ESR 24.x prior to 24.8.1 and 31.x prior to 31.1.1, Mozilla Thunderbird prior to 24.8.1 and 31.x prior to 31.1.2, Mozilla SeaMonkey prior to 2.29.1, Google Chrome prior to 37.0.2062.124 on Windows and OS X, and Google Chrome OS prior to 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote malicious users to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Vulnerable Product

google chrome

mozilla network security services 3.11.2

mozilla network security services 3.11.3

mozilla network security services 3.12.2

mozilla network security services 3.12.3

mozilla network security services 3.12.9

mozilla network security services 3.14

mozilla network security services 3.15.1

mozilla network security services 3.15.2

mozilla network security services

mozilla network security services 3.16.3

mozilla network security services 3.16.4

mozilla network security services 3.4.1

mozilla network security services 3.4.2

mozilla network security services 3.7.3

mozilla network security services 3.7.5

mozilla firefox esr 31.0

mozilla firefox esr 31.1.0

mozilla seamonkey 2.26

mozilla seamonkey 2.25

mozilla seamonkey 2.23

mozilla seamonkey 2.22.1

mozilla seamonkey 2.20

mozilla seamonkey 2.2

mozilla seamonkey 2.18

mozilla seamonkey 2.17

mozilla seamonkey 2.16

mozilla seamonkey 2.15.2

mozilla seamonkey 2.15

mozilla seamonkey 2.13.2

mozilla seamonkey 2.13.1

mozilla seamonkey 2.12.1

mozilla seamonkey 2.12

mozilla seamonkey 2.11

mozilla seamonkey 2.10

mozilla seamonkey 2.1

mozilla seamonkey 2.0.5

mozilla seamonkey 2.0.4

mozilla seamonkey 2.0.1

mozilla seamonkey 2.0

mozilla seamonkey 1.5.0.9

mozilla seamonkey 1.1.5

mozilla seamonkey 1.1.4

mozilla seamonkey 1.1.14

mozilla seamonkey 1.1.13

mozilla seamonkey 1.1

mozilla seamonkey 1.0.9

mozilla seamonkey 1.0.2

mozilla seamonkey 1.0.1

mozilla network security services 3.12.10

mozilla network security services 3.12.11

mozilla network security services 3.12.7

mozilla network security services 3.12.8

mozilla network security services 3.14.5

mozilla network security services 3.15

mozilla network security services 3.16

mozilla network security services 3.16.1

mozilla network security services 3.3.2

mozilla network security services 3.4

mozilla network security services 3.7.1

mozilla network security services 3.7.2

mozilla firefox 32.0.1

mozilla firefox

mozilla firefox esr 24.8.0

mozilla seamonkey

mozilla seamonkey 2.24

mozilla seamonkey 2.19

mozilla seamonkey 2.14

mozilla seamonkey 2.13

mozilla seamonkey 2.10.1

mozilla seamonkey 2.0.7

mozilla seamonkey 2.0.6

mozilla seamonkey 2.0.12

mozilla seamonkey 2.0.11

mozilla seamonkey 2.0.10

mozilla seamonkey 1.1.7

mozilla seamonkey 1.1.6

mozilla seamonkey 1.1.16

mozilla seamonkey 1.1.15

mozilla seamonkey 1.0.4

mozilla seamonkey 1.0.3

mozilla network security services 3.11.4

mozilla network security services 3.11.5

mozilla network security services 3.12.3.1

mozilla network security services 3.12.3.2

mozilla network security services 3.12.4

mozilla network security services 3.14.1

mozilla network security services 3.14.2

mozilla network security services 3.15.3

mozilla network security services 3.15.3.1

mozilla network security services 3.2

mozilla network security services 3.2.1

mozilla network security services 3.5

mozilla network security services 3.6

mozilla network security services 3.7.7

mozilla network security services 3.8

mozilla thunderbird

mozilla thunderbird 31.0

mozilla seamonkey 2.22

mozilla seamonkey 2.16.2

mozilla seamonkey 2.16.1

mozilla seamonkey 2.15.1

mozilla seamonkey 2.0.3

mozilla seamonkey 2.0.2

mozilla seamonkey 1.5.0.8

mozilla seamonkey 1.5.0.10

mozilla seamonkey 1.1.3

mozilla seamonkey 1.1.2

mozilla seamonkey 1.1.12

mozilla seamonkey 1.1.11

mozilla seamonkey 1.0.8

mozilla seamonkey 1.0.7

mozilla seamonkey 1.0

mozilla network security services 3.12

mozilla network security services 3.12.1

mozilla network security services 3.12.5

mozilla network security services 3.12.6

mozilla network security services 3.14.3

mozilla network security services 3.14.4

mozilla network security services 3.15.4

mozilla network security services 3.15.5

mozilla network security services 3.3

mozilla network security services 3.3.1

mozilla network security services 3.6.1

mozilla network security services 3.7

mozilla network security services 3.9

mozilla firefox 32.0.2

mozilla thunderbird 31.1.0

mozilla thunderbird 31.1.1

mozilla seamonkey 2.21

mozilla seamonkey 2.17.1

mozilla seamonkey 2.0.9

mozilla seamonkey 2.0.8

mozilla seamonkey 2.0.14

mozilla seamonkey 2.0.13

mozilla seamonkey 1.1.9

mozilla seamonkey 1.1.8

mozilla seamonkey 1.1.19

mozilla seamonkey 1.1.18

mozilla seamonkey 1.1.17

mozilla seamonkey 1.1.10

mozilla seamonkey 1.1.1

mozilla seamonkey 1.0.6

mozilla seamonkey 1.0.5

google chrome 37.0.2062.102

google chrome 37.0.2062.100

google chrome 37.0.2062.20

google chrome 37.0.2062.3

google chrome 37.0.2062.0

Vendor Advisories

Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet ...
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to ...
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted ...
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA. For the stable distribution ...
Mozilla Foundation Security Advisory 2014-73: RSA Signature Forgery in NSS. Announced: September 24, 2014. Reporter: Antoine Delignat-Lavaud. Impact: Critical. Products: Firefox, Firefox ESR, Firefox OS, NSS, SeaMonkey, Thunderbird ...
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS ...

References

CWE-310

http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1069405

http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html

http://www.mozilla.org/security/announce/2014/mfsa2014-73.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1064636

http://www.novell.com/support/kb/doc.php?id=7015701

http://www.debian.org/security/2014/dsa-3034

http://www.ubuntu.com/usn/USN-2361-1

http://rhn.redhat.com/errata/RHSA-2014-1371.html

http://www.ubuntu.com/usn/USN-2360-1

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html

http://www.ubuntu.com/usn/USN-2360-2

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html

http://rhn.redhat.com/errata/RHSA-2014-1354.html

http://www.debian.org/security/2014/dsa-3033

http://rhn.redhat.com/errata/RHSA-2014-1307.html

http://www.debian.org/security/2014/dsa-3037

http://www.kb.cert.org/vuls/id/772676

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://security.gentoo.org/glsa/201504-01

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://www.securityfocus.com/bid/70116

http://secunia.com/advisories/61583

http://secunia.com/advisories/61576

http://secunia.com/advisories/61575

http://secunia.com/advisories/61574

http://secunia.com/advisories/61540

https://exchange.xforce.ibmcloud.com/vulnerabilities/96194

https://nvd.nist.gov

https://usn.ubuntu.com/2360-1/

https://access.redhat.com/security/cve/cve-2014-1568

https://www.kb.cert.org/vuls/id/772676