Vulnerability Description
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 24.3 |
| Mozilla | Network Security Services | < 3.15.4 |
| Mozilla | Seamonkey | < 2.24 |
| Mozilla | Thunderbird | < 24.3.0 |
| Oracle | Enterprise Manager Ops Center | < 12.1.4 |
| Oracle | Vm Server | 3.2 |
| Fedoraproject | Fedora | 19 |
| Opensuse | Opensuse | 11.4 |
| Suse | Linux Enterprise Desktop | 11 |
| Suse | Linux Enterprise Server | 11 |
| Suse | Linux Enterprise Software Development Kit | 11 |
| Debian | Debian Linux | 7.0 |
| Canonical | Ubuntu Linux | 12.04 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.hThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.hThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing ListThird Party Advisory
- http://osvdb.org/102876Broken Link
- http://seclists.org/fulldisclosure/2014/Dec/23Not Applicable
- http://secunia.com/advisories/56706Third Party Advisory
- http://secunia.com/advisories/56767Third Party Advisory
- http://secunia.com/advisories/56787Third Party Advisory
- http://secunia.com/advisories/56858Third Party Advisory
- http://secunia.com/advisories/56888Third Party Advisory
- http://secunia.com/advisories/56922Third Party Advisory
FAQ
What is CVE-2014-1490?
CVE-2014-1490 is a vulnerability with a CVSS score of 9.3 (HIGH). Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24,...
How severe is CVE-2014-1490?
CVE-2014-1490 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1490?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird, Oracle Enterprise Manager Ops Center.