CVE-2014-1490 Information

Feb 14, 2021 cve

Description

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4 as used in Mozilla Firefox before 27.0 Firefox ESR 24.x before 24.3 Thunderbird before 24.3 SeaMonkey before 2.24 and other products allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102876 http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56858 http://secunia.com/advisories/56888 http://secunia.com/advisories/56922 http://www.debian.org/security/2014/dsa-2858 http://www.mozilla.org/security/announce/2014/mfsa2014-12.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/65335 http://www.securitytracker.com/id/1029717 http://www.securitytracker.com/id/1029720 http://www.securitytracker.com/id/1029721 http://www.ubuntu.com/usn/USN-2102-1 http://www.ubuntu.com/usn/USN-2102-2 http://www.ubuntu.com/usn/USN-2119-1 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://8pecxstudios.com/?page_id=44080 https://bugzilla.mozilla.org/show_bug.cgi?id=930857 https://bugzilla.mozilla.org/show_bug.cgi?id=930874 https://exchange.xforce.ibmcloud.com/vulnerabilities/90885 https://security.gentoo.org/glsa/201504-01

Share on: