10

CVE-2014-1544

EPSS 3.22%
Published 23.07.2014 11:12:42
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 30.0

Mozilla ≫ Firefox Version24.0

Mozilla ≫ Firefox Version24.1.0

Mozilla ≫ Firefox Version24.1.1

Mozilla ≫ Firefox ESR Version24.0.1

Mozilla ≫ Firefox ESR Version24.0.2

Mozilla ≫ Firefox ESR Version24.2

Mozilla ≫ Firefox ESR Version24.3

Mozilla ≫ Firefox ESR Version24.4

Mozilla ≫ Firefox ESR Version24.5

Mozilla ≫ Firefox ESR Version24.6

Mozilla ≫ Network Security Services Version3.2

Mozilla ≫ Network Security Services Version3.2.1

Mozilla ≫ Network Security Services Version3.3

Mozilla ≫ Network Security Services Version3.3.1

Mozilla ≫ Network Security Services Version3.3.2

Mozilla ≫ Network Security Services Version3.4

Mozilla ≫ Network Security Services Version3.4.1

Mozilla ≫ Network Security Services Version3.4.2

Mozilla ≫ Network Security Services Version3.5

Mozilla ≫ Network Security Services Version3.6

Mozilla ≫ Network Security Services Version3.6.1

Mozilla ≫ Network Security Services Version3.7

Mozilla ≫ Network Security Services Version3.7.1

Mozilla ≫ Network Security Services Version3.7.2

Mozilla ≫ Network Security Services Version3.7.3

Mozilla ≫ Network Security Services Version3.7.5

Mozilla ≫ Network Security Services Version3.7.7

Mozilla ≫ Network Security Services Version3.8

Mozilla ≫ Network Security Services Version3.9

Mozilla ≫ Network Security Services Version3.11.2

Mozilla ≫ Network Security Services Version3.11.3

Mozilla ≫ Network Security Services Version3.11.4

Mozilla ≫ Network Security Services Version3.11.5

Mozilla ≫ Network Security Services Version3.12

Mozilla ≫ Network Security Services Version3.12.1

Mozilla ≫ Network Security Services Version3.12.2

Mozilla ≫ Network Security Services Version3.12.3

Mozilla ≫ Network Security Services Version3.12.3.1

Mozilla ≫ Network Security Services Version3.12.3.2

Mozilla ≫ Network Security Services Version3.12.4

Mozilla ≫ Network Security Services Version3.12.5

Mozilla ≫ Network Security Services Version3.12.6

Mozilla ≫ Network Security Services Version3.12.7

Mozilla ≫ Network Security Services Version3.12.8

Mozilla ≫ Network Security Services Version3.12.9

Mozilla ≫ Network Security Services Version3.12.10

Mozilla ≫ Network Security Services Version3.12.11

Mozilla ≫ Network Security Services Version3.14

Mozilla ≫ Network Security Services Version3.14.1

Mozilla ≫ Network Security Services Version3.14.2

Mozilla ≫ Network Security Services Version3.14.3

Mozilla ≫ Network Security Services Version3.14.4

Mozilla ≫ Network Security Services Version3.14.5

Mozilla ≫ Network Security Services Version3.15

Mozilla ≫ Network Security Services Version3.15.1

Mozilla ≫ Network Security Services Version3.15.2

Mozilla ≫ Network Security Services Version3.15.3

Mozilla ≫ Network Security Services Version3.15.3.1

Mozilla ≫ Network Security Services Version3.15.4

Mozilla ≫ Network Security Services Version3.15.5

Mozilla ≫ Network Security Services Version3.16

Mozilla ≫ Thunderbird Version <= 24.6

Mozilla ≫ Thunderbird Version24.0

Mozilla ≫ Thunderbird Version24.0.1

Mozilla ≫ Thunderbird Version24.1

Mozilla ≫ Thunderbird Version24.1.1

Mozilla ≫ Thunderbird Version24.2

Mozilla ≫ Thunderbird Version24.3

Mozilla ≫ Thunderbird Version24.4

Mozilla ≫ Thunderbird Version24.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.22%	0.858

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

https://security.gentoo.org/glsa/201504-01

http://secunia.com/advisories/60621

http://secunia.com/advisories/59591

http://secunia.com/advisories/59719

http://secunia.com/advisories/59760

http://secunia.com/advisories/60083

http://secunia.com/advisories/60486

http://secunia.com/advisories/60628

http://www.debian.org/security/2014/dsa-2986

http://www.debian.org/security/2014/dsa-2996

http://www.mozilla.org/security/announce/2014/mfsa2014-63.html

Vendor Advisory

http://www.securityfocus.com/bid/68816

http://www.securitytracker.com/id/1030617

https://bugzilla.mozilla.org/show_bug.cgi?id=963150

https://nvd.nist.gov/vuln/detail/CVE-2014-1544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1544

EUVD