CVE-2014-1568

Severity

75%

Complexity

99%

Confidentiality

106%

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 10 years ago

2014-09-25 17:55:00

Last updated 7 years ago

2017-08-29 01:34:00

Affected Software

Mozilla Firefox

Mozilla Firefox 32.0.1

32.0.1

Mozilla Firefox 32.0.2

32.0.2

Mozilla Firefox Extended Support Release (ESR) 31.0

31.0

Mozilla Firefox Extended Support Release (ESR) 31.1.0

31.1.0

Mozilla Network Security Services 3.2

3.2

Mozilla Network Security Services 3.2.1

3.2.1

Mozilla Network Security Services 3.3

3.3

Mozilla Network Security Services 3.3.1

3.3.1

Mozilla Network Security Services 3.3.2

3.3.2

Mozilla Network Security Services 3.4

3.4

Mozilla Network Security Services 3.4.1

3.4.1

Mozilla Network Security Services 3.4.2

3.4.2

Mozilla Network Security Services 3.5

3.5

Mozilla Network Security Services 3.6

3.6

Mozilla Network Security Services 3.6.1

3.6.1

Mozilla Network Security Services 3.7

3.7

Mozilla Network Security Services 3.7.1

3.7.1

Mozilla Network Security Services 3.7.2

3.7.2

Mozilla Network Security Services 3.7.3

3.7.3

Mozilla Network Security Services 3.7.5

3.7.5

Mozilla Network Security Services 3.7.7

3.7.7

Mozilla Network Security Services 3.8

3.8

Mozilla Network Security Services 3.9

3.9

Mozilla Network Security Services 3.11.2

3.11.2

Mozilla Network Security Services 3.11.3

3.11.3

Mozilla Network Security Services 3.11.4

3.11.4

Mozilla Network Security Services 3.11.5

3.11.5

Mozilla Network Security Services 3.12

3.12

Mozilla Network Security Services 3.12.1

3.12.1

Mozilla Network Security Services 3.12.2

3.12.2

Mozilla Network Security Services 3.12.3

3.12.3

Mozilla Network Security Services 3.12.3.1

3.12.3.1

Mozilla Network Security Services 3.12.3.2

3.12.3.2

Mozilla Network Security Services 3.12.4

3.12.4

Mozilla Network Security Services 3.12.5

3.12.5

Mozilla Network Security Services 3.12.6

3.12.6

Mozilla Network Security Services 3.12.7

3.12.7

Mozilla Network Security Services 3.12.8

3.12.8

Mozilla Network Security Services 3.12.9

3.12.9

Mozilla Network Security Services 3.12.10

3.12.10

Mozilla Network Security Services 3.12.11

3.12.11

Mozilla Network Security Services 3.14

3.14

Mozilla Network Security Services 3.14.1

3.14.1

Mozilla Network Security Services 3.14.2

3.14.2

Mozilla Network Security Services 3.14.3

3.14.3

Mozilla Network Security Services 3.14.4

3.14.4

Mozilla Network Security Services 3.14.5

3.14.5

Mozilla Network Security Services 3.15

3.15

Mozilla Network Security Services 3.15.1

3.15.1

Mozilla Network Security Services 3.15.2

3.15.2

Mozilla Network Security Services 3.15.3

3.15.3

Mozilla Network Security Services 3.15.3.1

3.15.3.1

Mozilla Network Security Services 3.15.4

3.15.4

Mozilla Network Security Services 3.15.5

3.15.5

Mozilla Network Security Services 3.16

3.16

Mozilla Network Security Services 3.16.1

3.16.1

Mozilla Network Security Services

Mozilla Network Security Services 3.16.3

3.16.3

Mozilla Network Security Services 3.16.4

3.16.4

Mozilla SeaMonkey

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0 alpha

1.0

Mozilla SeaMonkey 1.0 beta

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla SeaMonkey 1.0.6

1.0.6

Mozilla SeaMonkey 1.0.7

1.0.7

Mozilla SeaMonkey 1.0.8

1.0.8

Mozilla SeaMonkey 1.0.9

1.0.9

Mozilla SeaMonkey 1.1

1.1

Mozilla SeaMonkey 1.1 alpha

1.1

Mozilla SeaMonkey 1.1 beta

1.1

Mozilla Seamonkey 1.1.1

1.1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey 1.1.9

1.1.9

Mozilla SeaMonkey 1.1.10

1.1.10

Mozilla SeaMonkey 1.1.11

1.1.11

Mozilla SeaMonkey 1.1.12

1.1.12

Mozilla SeaMonkey 1.1.13

1.1.13

Mozilla SeaMonkey 1.1.14

1.1.14

Mozilla SeaMonkey 1.1.15

1.1.15

Mozilla SeaMonkey 1.1.16

1.1.16

Mozilla SeaMonkey 1.1.17

1.1.17

Mozilla Seamonkey 1.1.18

1.1.18

Mozilla Seamonkey 1.1.19

1.1.19

Mozilla SeaMonkey 1.5.0.8

1.5.0.8

Mozilla SeaMonkey 1.5.0.9

1.5.0.9

Mozilla SeaMonkey 1.5.0.10

1.5.0.10

Mozilla SeaMonkey 2.0

2.0

Mozilla SeaMonkey 2.0 Alpha 1

2.0

Mozilla SeaMonkey 2.0 Alpha 2

2.0

Mozilla SeaMonkey 2.0 Alpha 3

2.0

Mozilla SeaMonkey 2.0 Beta 1

2.0

Mozilla SeaMonkey 2.0 Beta 2

2.0

Mozilla SeaMonkey 2.0 RC1

2.0

Mozilla SeaMonkey 2.0 RC2

2.0

Mozilla SeaMonkey 2.0.1

2.0.1

Mozilla SeaMonkey 2.0.2

2.0.2

Mozilla SeaMonkey 2.0.3

2.0.3

Mozilla SeaMonkey 2.0.4

2.0.4

Mozilla SeaMonkey 2.0.5

2.0.5

Mozilla SeaMonkey 2.0.6

2.0.6

Mozilla SeaMonkey 2.0.7

2.0.7

Mozilla SeaMonkey 2.0.8

2.0.8

Mozilla SeaMonkey 2.0.9

2.0.9

Mozilla SeaMonkey 2.0.10

2.0.10

Mozilla SeaMonkey 2.0.11

2.0.11

Mozilla SeaMonkey 2.0.12

2.0.12

Mozilla SeaMonkey 2.0.13

2.0.13

Mozilla SeaMonkey 2.0.14

2.0.14

Mozilla SeaMonkey 2.1

2.1

Mozilla SeaMonkey 2.1 alpha1

2.1

Mozilla SeaMonkey 2.1 alpha2

2.1

Mozilla SeaMonkey 2.1 alpha3

2.1

Mozilla SeaMonkey 2.1 Beta 1

2.1

Mozilla SeaMonkey 2.1 Beta 2

2.1

Mozilla SeaMonkey 2.1 Beta 3

2.1

Mozilla SeaMonkey 2.1 Release Candidate 1

2.1

Mozilla SeaMonkey 2.1 Release Candidate 2

2.1

Mozilla SeaMonkey 2.2

2.2

Mozilla SeaMonkey 2.2 Beta 1

2.2

Mozilla SeaMonkey 2.2 Beta 2

2.2

Mozilla SeaMonkey 2.2 Beta 3

2.2

Mozilla SeaMonkey 2.10

2.10

Mozilla SeaMonkey 2.10 beta1

2.10

Mozilla SeaMonkey 2.10 beta2

2.10

Mozilla SeaMonkey 2.10 beta3

2.10

Mozilla SeaMonkey 2.10.1

2.10.1

Mozilla SeaMonkey 2.11

2.11

Mozilla SeaMonkey 2.11 beta1

2.11

Mozilla SeaMonkey 2.11 beta2

2.11

Mozilla SeaMonkey 2.11 beta3

2.11

Mozilla SeaMonkey 2.11 beta4

2.11

Mozilla SeaMonkey 2.11 beta5

2.11

Mozilla SeaMonkey 2.11 beta6

2.11

Mozilla SeaMonkey 2.12

2.12

Mozilla SeaMonkey 2.12 beta1

2.12

Mozilla SeaMonkey 2.12 beta2

2.12

Mozilla SeaMonkey 2.12 beta3

2.12

Mozilla SeaMonkey 2.12 beta4

2.12

Mozilla SeaMonkey 2.12 beta5

2.12

Mozilla SeaMonkey 2.12 beta6

2.12

Mozilla SeaMonkey 2.12.1

2.12.1

Mozilla SeaMonkey 2.13

2.13

Mozilla SeaMonkey 2.13 beta1

2.13

Mozilla SeaMonkey 2.13 beta2

2.13

Mozilla SeaMonkey 2.13 beta3

2.13

Mozilla SeaMonkey 2.13 beta4

2.13

Mozilla SeaMonkey 2.13 beta5

2.13

Mozilla SeaMonkey 2.13 beta6

2.13

Mozilla SeaMonkey 2.13.1

2.13.1

Mozilla Seamonkey 2.13.2

2.13.2

Mozilla Seamonkey 2.14

2.14

Mozilla Seamonkey 2.14 beta1

2.14

Mozilla Seamonkey 2.14 beta2

2.14

Mozilla Seamonkey 2.14 beta3

2.14

Mozilla Seamonkey 2.14 beta4

2.14

Mozilla Seamonkey 2.14 beta5

2.14

Mozilla Seamonkey 2.15

2.15

Mozilla Seamonkey 2.15 beta1

2.15

Mozilla Seamonkey 2.15 beta2

2.15

Mozilla Seamonkey 2.15 beta3

2.15

Mozilla Seamonkey 2.15 beta4

2.15

Mozilla Seamonkey 2.15 beta5

2.15

Mozilla Seamonkey 2.15 beta6

2.15

Mozilla Seamonkey 2.15.1

2.15.1

Mozilla Seamonkey 2.15.2

2.15.2

Mozilla Seamonkey 2.16

2.16

Mozilla Seamonkey 2.16 beta1

2.16

Mozilla Seamonkey 2.16 beta2

2.16

Mozilla Seamonkey 2.16 beta3

2.16

Mozilla Seamonkey 2.16 beta4

2.16

Mozilla Seamonkey 2.16 beta5

2.16

Mozilla Seamonkey 2.16.1

2.16.1

Mozilla Seamonkey 2.16.2

2.16.2

Mozilla Seamonkey 2.17

2.17

Mozilla Seamonkey 2.17 beta1

2.17

Mozilla Seamonkey 2.17 beta2

2.17

Mozilla Seamonkey 2.17 beta3

2.17

Mozilla Seamonkey 2.17 beta4

2.17

Mozilla SeaMonkey 2.17.1

2.17.1

Mozilla SeaMonkey 2.18 beta1

2.18

Mozilla SeaMonkey 2.18 beta2

2.18

Mozilla SeaMonkey 2.18 beta3

2.18

Mozilla SeaMonkey 2.18 beta4

2.18

Mozilla SeaMonkey 2.19

2.19

Mozilla SeaMonkey 2.19 beta1

2.19

Mozilla SeaMonkey 2.19 beta2

2.19

Mozilla SeaMonkey 2.20

2.20

Mozilla SeaMonkey 2.20 beta1

2.20

Mozilla SeaMonkey 2.20 beta2

2.20

Mozilla SeaMonkey 2.20 beta3

2.20

Mozilla SeaMonkey 2.21 beta1

2.21

Mozilla SeaMonkey 2.21 beta2

2.21

Mozilla SeaMonkey 2.22 beta1

2.22

Mozilla SeaMonkey 2.22 beta2

2.22

Mozilla SeaMonkey 2.22.1

2.22.1

Mozilla SeaMonkey 2.23

2.23

Mozilla SeaMonkey 2.23 beta1

2.23

Mozilla SeaMonkey 2.24

2.24

Mozilla SeaMonkey 2.24 beta1

2.24

Mozilla SeaMonkey 2.25

2.25

Mozilla SeaMonkey 2.25 beta 1

2.25

Mozilla SeaMonkey 2.25 beta 2

2.25

Mozilla SeaMonkey 2.25 beta 3

2.25

Mozilla SeaMonkey 2.26

2.26

Mozilla SeaMonkey 2.26 release candidate 1

2.26

Mozilla Thunderbird

Mozilla Thunderbird 31.0

31.0

Mozilla Thunderbird 31.1.0

31.1.0

Mozilla Thunderbird 31.1.1

31.1.1

References

http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html

http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

SUSE-SU-2014:1220

openSUSE-SU-2014:1224

openSUSE-SU-2014:1232

RHSA-2014:1307

RHSA-2014:1354

RHSA-2014:1371

61540

61574

61575

61576

61583

DSA-3033

DSA-3034

DSA-3037

VU#772676

US Government Resource

http://www.mozilla.org/security/announce/2014/mfsa2014-73.html

Vendor Advisory

http://www.novell.com/support/kb/doc.php?id=7015701

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

70116

USN-2360-1

USN-2360-2

USN-2361-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1064636

https://bugzilla.mozilla.org/show_bug.cgi?id=1069405

Vendor Advisory

mozilla-nss-cve20141568-sec-bypass(96194)

GLSA-201504-01

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.