1. Home
  2. CVE Database
  3. CVE-2014-1568
HIGH · 7.5

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x befor...

Vulnerability Description

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
GoogleChrome<= 37.0.2062.120
AppleMac Os XAll versions
MicrosoftWindowsAll versions
MozillaFirefox<= 32.0
MozillaFirefox Esr24.8.0
MozillaNetwork Security Services<= 3.16.2.0
MozillaSeamonkeyAll versions
MozillaThunderbird<= 24.8.0
GoogleChrome OsAll versions

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2014-1568?

CVE-2014-1568 is a vulnerability with a CVSS score of 7.5 (HIGH). Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x befor...

How severe is CVE-2014-1568?

CVE-2014-1568 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1568?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Mac Os X, Microsoft Windows, Mozilla Firefox, Mozilla Firefox Esr.