CVE-2014-1492 - Improper Input Validation vulnerability in Mozilla Network Security Services

Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
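An added example (not code from NSS or its cert_TestHostName) of the matching rule the summary describes: an RFC 6125 section 6.4.3 wildcard matcher that, like NSS 3.16, refuses a wildcard embedded in an IDNA A-label, with the pre-fix behaviour kept behind a flag only for comparison. It assumes both names are in the ASCII "xn--" form found in a certificate's dNSName, follows the RFC's general partial-wildcard rule rather than any one library's narrower variant, and its test vectors are constructed.

```python
"""RFC 6125 wildcard matching for certificate names, with the IDNA check.

Added example for this page; it is not NSS's cert_TestHostName code.
Both names are expected in the ASCII (A-label, "xn--") form in which they
appear in a certificate's dNSName or CN.
"""
from typing import List, Tuple

ACE_PREFIX = "xn--"  # prefix that marks an IDNA A-label


def _labels(name: str) -> List[str]:
    # Names compare case-insensitively; tolerate one trailing dot (FQDN form).
    return name.lower().rstrip(".").split(".")


def match_hostname(pattern: str, hostname: str,
                   reject_idna_wildcard: bool = True) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    reject_idna_wildcard=True applies RFC 6125 section 6.4.3 item 3 (the
    rule NSS 3.16 started enforcing for CVE-2014-1492).  False reproduces
    the pre-fix behaviour and exists only for the comparison below.
    """
    if not pattern or not hostname or "*" in hostname:
        return False
    plabels, hlabels = _labels(pattern), _labels(hostname)

    # No wildcard at all: plain case-insensitive comparison of the labels.
    if "*" not in pattern:
        return plabels == hlabels

    leftmost, rest = plabels[0], plabels[1:]
    # Item 1: the wildcard may only be in the left-most label, and only once.
    if leftmost.count("*") != 1 or any("*" in lab for lab in rest):
        return False
    # A wildcard needs at least two fixed labels after it ("*.com" is out).
    if len(rest) < 2 or "" in rest:
        return False
    # Item 2: the wildcard matches exactly one label, so the label counts
    # must agree and everything right of the wildcard must match exactly.
    if len(hlabels) != len(plabels) or hlabels[1:] != rest:
        return False

    head = hlabels[0]
    if head == "":
        return False
    # Item 3 (CVE-2014-1492): a partial wildcard must not sit inside an
    # A-label ("xn--*"), nor be matched against one ("xn*" vs "xn--bcher-kva"):
    # a prefix of the encoded form says nothing about the Unicode name.
    # A label that is exactly "*" is still allowed to match an A-label.
    if leftmost != "*" and reject_idna_wildcard and (
            leftmost.startswith(ACE_PREFIX) or head.startswith(ACE_PREFIX)):
        return False

    # "*" matches any non-empty label; "foo*bar" needs that prefix and suffix.
    prefix, _, suffix = leftmost.partition("*")
    return (len(head) >= len(prefix) + len(suffix)
            and head.startswith(prefix) and head.endswith(suffix))


# Constructed test vectors: (certificate name, hostname, fixed, pre-fix).
CASES: List[Tuple[str, str, bool, bool]] = [
    ("*.example.com", "www.example.com", True, True),
    ("*.example.com", "a.b.example.com", False, False),    # one label only
    ("*.com", "example.com", False, False),                # too few labels
    ("www*.example.com", "www1.example.com", True, True),  # partial wildcard
    ("*.xn--mnchen-3ya.example", "www.xn--mnchen-3ya.example", True, True),
    ("*.example.com", "xn--bcher-kva.example.com", True, True),
    ("xn--*.example.com", "xn--bcher-kva.example.com", False, True),
    ("xn*.example.com", "xn--bcher-kva.example.com", False, True),
]


def check_cases() -> List[str]:
    """Return the vectors whose fixed or pre-fix result differs from CASES."""
    bad = []
    for pat, host, fixed, prefix_behaviour in CASES:
        if (match_hostname(pat, host) != fixed
                or match_hostname(pat, host, reject_idna_wildcard=False)
                != prefix_behaviour):
            bad.append(f"{pat} vs {host}")
    return bad


if __name__ == "__main__":
    for pat, host, fixed, prefix_behaviour in CASES:
        print(f"{pat:28} {host:30} fixed={fixed!s:5} pre-3.16={prefix_behaviour}")
    assert not check_cases()
```

The last two vectors are the ones the fix changes: before NSS 3.16 a certificate name such as xn--*.example.com covered every punycode label under example.com.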
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (which could be part of the functionality of the same application) fetches the injected data stored in the database and uses it as command line arguments without performing proper validation. The malicious data escapes the data plane by spawning new commands to be executed on the host.
Nessus
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-336.NASL
description: This is a MozillaFirefox update to version 29.0 :
- MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards
- MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues
- MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images
- MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL
- MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video
- MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo
- MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API
- MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations
- MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images
- MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16)
- MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver
- MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- removed obsolete patches
- firefox-browser-css.patch
- mozilla-aarch64-599882cfb998.diff
- mozilla-aarch64-bmo-963028.patch
- mozilla-aarch64-bmo-963029.patch
- mozilla-aarch64-bmo-963030.patch
- mozilla-aarch64-bmo-963031.patch
- requires NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
- add mozilla-aarch64-599882cfb998.patch, mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963030.patch, mozilla-aarch64-bmo-963027.patch, mozilla-aarch64-bmo-963028.patch, mozilla-aarch64-bmo-963029.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963031.patch: AArch64 porting
- Add patch for bmo#973977
- mozilla-ppc64-xpcom.patch
- Refresh mozilla-ppc64le-xpcom.patch patch
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
This is also a mozilla-nss update to version 3.16 :
- required for Firefox 29
- bmo#903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.
- Supports the Linux x32 ABI. To build for the Linux x32 target, set the environment variable USE_X32=1 when building NSS.
New Functions :
- NSS_CMSSignerInfo_Verify
New Macros :
- TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that were first defined in SSL 3.0 can now be referred to with their official IANA names in TLS, with the TLS_ prefix. Previously, they had to be referred to with their names in SSL 3.0, with the SSL_ prefix.
Notable Changes :
- ECC is enabled by default. It is no longer necessary to set the environment variable NSS_ENABLE_ECC=1 when building NSS. To disable ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
- libpkix should not include the common name of CA as DNS names when evaluating name constraints.
- AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
- Fix a memory corruption in sec_pkcs12_new_asafe.
- If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime test sdb_measureAccess.
- The built-in roots module has been updated to version 1.97, which adds, removes, and distrusts several certificates.
- The atob utility has been improved to automatically ignore lines of text that aren
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75346
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75346
title: openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:0599-1)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1073.NASL
description: From Red Hat Security Advisory 2014:1073 : Updated nss, nss-util, and nss-softokn packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492) In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions. (BZ#1124659) Users of NSS are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77242
published: 2014-08-19
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77242
title: Oracle Linux 7 : nss / nss-softokn / nss-util (ELSA-2014-1073)

NASL family: Windows
NASL id: IPLANET_WEB_PROXY_4_0_24.NASL
description: The remote host has a version of Oracle iPlanet Web Proxy Server (formerly Sun Java System Web Proxy Server) 4.0 prior to 4.0.24. It is, therefore, affected by the following vulnerabilities :
- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739)
- The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740)
- An error exists related to handling input greater than half the maximum size of the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76592
published: 2014-07-18
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/76592
title: Oracle iPlanet Web Proxy Server 4.0 < 4.0.24 Multiple Vulnerabilities

NASL family: Windows
NASL id: MOZILLA_FIREFOX_29.NASL
description: The installed version of Firefox is a version prior to 29.0 and is, therefore, potentially affected by the following vulnerabilities :
- An issue exists in the Network Security Services (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-the-middle attacks. (CVE-2014-1492)
- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)
- An issue exists related to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73769
published: 2014-04-29
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73769
title: Firefox < 29.0 Multiple Vulnerabilities

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201504-01.NASL
description: The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82632
published: 2015-04-08
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82632
title: GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1246.NASL
description: From Red Hat Security Advisory 2014:1246 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs :
* Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77739
published: 2014-09-18
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77739
title: Oracle Linux 5 : nspr / nss (ELSA-2014-1246)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2014-086-04.NASL
description: New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73250
published: 2014-03-31
reporter: This script is Copyright (C) 2014 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73250
title: Slackware 14.0 / 14.1 / current : mozilla-nss (SSA:2014-086-04)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-23.NASL
description:
- CVE-2013-1741 Runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls.
- CVE-2013-5606 Certificate validation with the verifylog mode did not return validation errors, but instead expected applications to determine the status by looking at the log.
- CVE-2014-1491 Ticket handling protection mechanisms bypass due to the lack of restriction of public values in Diffie-Hellman key exchanges.
- CVE-2014-1492 Incorrect IDNA domain name matching for wildcard certificates could allow specially crafted invalid certificates to be considered as valid.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2015-03-26
plugin id: 82171
published: 2015-03-26
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82171
title: Debian DLA-23-1 : nss security update

NASL family: Misc.
NASL id: ORACLE_TRAFFIC_DIRECTOR_JULY_2014_CPU.NASL
description: The remote host is running an unpatched version of Oracle Traffic Director that is affected by the following vulnerabilities :
- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739)
- The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740)
- NSS contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741)
- An error exists in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76938
published: 2014-07-31
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/76938
title: Oracle Traffic Director Multiple Vulnerabilities (July 2014 CPU)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0917.NASL
description: Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76698
published: 2014-07-23
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76698
title: RHEL 6 : nss and nspr (RHSA-2014:0917)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-531.NASL
description: As discussed in an upstream announcement, Ruby
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83883
published: 2015-05-29
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83883
title: Amazon Linux AMI : ruby20 (ALAS-2015-531)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0979.NASL
description: An updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1491 issue. Upstream acknowledges Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491. This update includes changes to the rhev-hypervisor component :
* The most recent build of rhev-hypervisor is included in version 3.4.1. (BZ#1118298)
This updated package also provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2014-4699 and CVE-2014-4943 (kernel issues); CVE-2014-4607 (lzo issue); CVE-2013-1740, CVE-2014-1490, CVE-2014-1492, CVE-2014-1545, and CVE-2014-1544 (nss and nspr issues). Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79038
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79038
title: RHEL 6 : rhev-hypervisor6 (RHSA-2014:0979)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-532.NASL
description: As discussed in an upstream announcement, Ruby
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83884
published: 2015-05-29
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83884
title: Amazon Linux AMI : ruby21 (ALAS-2015-532)

NASL family: CGI abuses
NASL id: ORACLE_OPENSSO_AGENT_CPU_OCT_2014.NASL
description: The Oracle OpenSSO agent installed on the remote host is missing a vendor-supplied update. It is, therefore, affected by multiple vulnerabilities in the bundled Mozilla Network Security Services, the most serious of which can allow remote code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78774
published: 2014-10-31
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78774
title: Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-5829.NASL
description: Update to latest upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-05-03
plugin id: 73848
published: 2014-05-03
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73848
title: Fedora 19 : firefox-29.0-5.fc19 / thunderbird-24.5.0-1.fc19 / xulrunner-29.0-1.fc19 (2014-5829)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2014-0665-1.NASL
description: This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues. Mozilla Firefox has been updated to 24.5.0esr which fixes the following issues :
- MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
- MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images
- MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API
- MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations
- MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images
- MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver
Mozilla NSS has been updated to 3.16 :
- required for Firefox 29
- CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.
- Update of root certificates.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-05-20
plugin id: 83621
published: 2015-05-20
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83621
title: SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2185-1.NASL
description: Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519) An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522) Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523) Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1524) Abhishek Arya discovered a use-after-free in the Text Track Manager when processing HTML video. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1525) Jukka Jylanki discovered an out-of-bounds write in Cairo when working with canvas in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1528) Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. An attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1529) It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. An attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530) A use-after-free was discovered when resizing images in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1531) Christian Heimes discovered that NSS did not handle IDNA domain prefixes correctly for wildcard certificates. An attacker could potentially exploit this by using a specially crafted certificate to conduct a man-in-the-middle attack. (CVE-2014-1492) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1532) Boris Zbarsky discovered that the debugger bypassed XrayWrappers for some objects. If a user were tricked into opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1526) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73786
published: 2014-04-30
reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73786
title: Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : firefox vulnerabilities (USN-2185-1)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-354.NASL
description:
This is a SeaMonkey update to version 2.26 :
- MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards
- MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues
- MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images
- MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL
- MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video
- MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo
- MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API
- MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations
- MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images
- MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16)
- MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver
- MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- added aarch64 porting patches
  - mozilla-aarch64-bmo-810631.patch
  - mozilla-aarch64-bmo-962488.patch
  - mozilla-aarch64-bmo-963023.patch
  - mozilla-aarch64-bmo-963024.patch
  - mozilla-aarch64-bmo-963027.patch
- requires NSPR 4.10.3 and NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks

last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75352
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75352
title: openSUSE Security Update : seamonkey (openSUSE-SU-2014:0629-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20140722_NSS_AND_NSPR_ON_SL6_X.NASL
description:
A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6.
These updated packages provide a number of bug fixes and enhancements over the previous versions. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.

last seen: 2020-03-18
modified: 2014-07-23
plugin id: 76702
published: 2014-07-23
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76702
title: Scientific Linux Security Update : nss and nspr on SL6.x i386/x86_64 (20140722)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-533.NASL
description:
As discussed in an upstream announcement, Ruby

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83885
published: 2015-05-29
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83885
title: Amazon Linux AMI : ruby22 (ALAS-2015-533)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2159-1.NASL
description:
It was discovered that NSS incorrectly handled wildcard certificates when used with internationalized domain names. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

last seen: 2020-03-18
modified: 2014-04-03
plugin id: 73316
published: 2014-04-03
reporter: Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73316
title: Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : nss vulnerability (USN-2159-1)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-530.NASL
description:
As discussed in an upstream announcement, Ruby

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83882
published: 2015-05-29
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83882
title: Amazon Linux AMI : ruby19 (ALAS-2015-530)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20140916_NSS_AND_NSPR_ON_SL5_X.NASL
description:
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions.

This update also fixes the following bugs :
- Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as

last seen: 2020-03-18
modified: 2014-09-29
plugin id: 77955
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77955
title: Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2994.NASL
description:
Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library :
- CVE-2013-1741 Runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls.
- CVE-2013-5606 Certificate validation with the verifylog mode did not return validation errors, but instead expected applications to determine the status by looking at the log.
- CVE-2014-1491 Ticket handling protection mechanisms bypass due to the lack of restriction of public values in Diffie-Hellman key exchanges.
- CVE-2014-1492 Incorrect IDNA domain name matching for wildcard certificates could allow specially crafted invalid certificates to be considered as valid.

last seen: 2020-03-17
modified: 2014-08-01
plugin id: 76950
published: 2014-08-01
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76950
title: Debian DSA-2994-1 : nss - security update

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1073.NASL
description:
Updated nss, nss-util, and nss-softokn packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards.

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions. (BZ#1124659)

Users of NSS are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77243
published: 2014-08-19
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77243
title: RHEL 7 : nss, nss-util, nss-softokn (RHSA-2014:1073)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL16716.NASL
description:
CVE-2013-1740 The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

CVE-2014-1490 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

CVE-2014-1491 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

CVE-2014-1492 The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91202
published: 2016-05-18
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91202
title: F5 Networks BIG-IP : Multiple Mozilla NSS vulnerabilities (K16716)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2014-0727-1.NASL
description:
This Mozilla Firefox update provides several security and non-security fixes.

Mozilla Firefox has been updated to 24.5.0esr, which fixes the following issues :
- MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
- MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images
- MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API
- MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations
- MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images
- MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver

Mozilla NSS has been updated to 3.16 - required for Firefox 29
- CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.
- Update of root certificates.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

last seen: 2020-06-05
modified: 2015-05-20
plugin id: 83624
published: 2015-05-20
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83624
title: SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2014:0727-1)

NASL family: Web Servers
NASL id: SUN_JAVA_WEB_SERVER_7_0_20.NASL
description:
According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.20.
It is, therefore, affected by the following vulnerabilities in the Network Security Services (NSS) :
- The implementation of NSS does not ensure that data structures are initialized, which can result in a denial of service or disclosure of sensitive information. (CVE-2013-1739)
- An error exists in the ssl_Do1stHandshake() function in file sslsecur.c due to unencrypted data being returned from PR_Recv when the TLS False Start feature is enabled. A man-in-the-middle attacker can exploit this, by using an arbitrary X.509 certificate, to spoof SSL servers during certain handshake traffic. (CVE-2013-1740)
- An integer overflow condition exists related to handling input greater than half the maximum size of the

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76593
published: 2014-07-18
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/76593
title: Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2014-0665-2.NASL
description:
This Mozilla Firefox update provides several security and non-security fixes.

Mozilla Firefox has been updated to the 24.5.0esr version, which fixes the following issues :
- MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
- MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images
- MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API
- MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations
- MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images
- MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver

Mozilla NSS has been updated to version 3.16 - required for Firefox 29
- CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.
- Update of root certificates.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

last seen: 2020-06-05
modified: 2015-05-20
plugin id: 83622
published: 2015-05-20
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83622
title: SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-2)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1246.NASL
description:
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR.
A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.

The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860)

This update also fixes the following bugs :
* Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77699
published: 2014-09-16
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77699
title: RHEL 5 : nss and nspr (RHSA-2014:1246)

NASL family: Windows
NASL id: SEAMONKEY_2_26.NASL
description:
The installed version of SeaMonkey is a version prior to 2.26 and is, therefore, potentially affected by the following vulnerabilities :
- An issue exists in the Network Security Services (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-the-middle attacks. (CVE-2014-1492)
- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)
- An out-of-bounds read issue exists in the Web Audio feature that could lead to information disclosure. (CVE-2014-1522)
- An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)
- A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)
- A use-after-free memory issue exists in the Text Track Manager during HTML video processing that could lead to arbitrary code execution. (CVE-2014-1525)
- An issue exists related to the debugger bypassing XrayWrappers that could lead to privilege escalation. (CVE-2014-1526)
- An out-of-bounds write issue exists in the Cairo graphics library that could lead to arbitrary code execution. Note that this issue only affects Firefox 28 and SeaMonkey prior to version 2.26. (CVE-2014-1528)
- A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution. (CVE-2014-1529)
- A cross-site scripting issue exists that could allow an attacker to load another website other than the URL for the website that is shown in the address bar. (CVE-2014-1530)
- A use-after-free issue exists due to an

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73771
published: 2014-04-29
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73771
title: SeaMonkey < 2.26 Multiple Vulnerabilities

NASL family: Web Servers
NASL id: GLASSFISH_CPU_JUL_2014.NASL
description:
The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components :
- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739)
- The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740)
- Network Security Services (NSS) contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741)
- An error exists in the

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76591
published: 2014-07-18
reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76591
title: Oracle GlassFish Server Multiple Vulnerabilities (July 2014 CPU)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2014-1073.NASL
description:
Updated nss, nss-util, and nss-softokn packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards.
It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions. (BZ#1124659)

Users of NSS are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77239
published: 2014-08-19
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77239
title: CentOS 7 : nss / nss-softokn / nss-util (CESA-2014:1073)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_FIREFOX_29.NASL
description:
The installed version of Firefox is a version prior to version 29.0. It is, therefore, potentially affected by multiple vulnerabilities :
- An issue exists in the Network Security Services (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-the-middle attacks. (CVE-2014-1492)
- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)
- An out-of-bounds read issue exists in the Web Audio feature that could lead to information disclosure. (CVE-2014-1522)
- An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)
- A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)
- A use-after-free memory issue exists in the Text Track Manager during HTML video processing that could lead to arbitrary code execution. (CVE-2014-1525)
- An issue exists related to the debugger bypassing XrayWrappers that could lead to privilege escalation. (CVE-2014-1526)
- A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution. (CVE-2014-1529)
- A cross-site scripting issue exists that could allow an attacker to load another website other than the URL for the website that is shown in the address bar. (CVE-2014-1530)
- A use-after-free issue exists due to an

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73766
published: 2014-04-29
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73766
title: Firefox < 29.0 Multiple Vulnerabilities (Mac OS X)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-0917.NASL
description:
From Red Hat Security Advisory 2014:0917 :

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135)

Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76694
published: 2014-07-23
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76694
title: Oracle Linux 6 : nspr / nss (ELSA-2014-0917)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2015-059.NASL
description:
Multiple vulnerabilities have been found and corrected in the Mozilla NSS and NSPR packages :

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81942
published: 2015-03-19
reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81942
title: Mandriva Linux Security Advisory : nss (MDVSA-2015:059)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-529.NASL
description:
As discussed in an upstream announcement, Ruby

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83881
published: 2015-05-29
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83881
title: Amazon Linux AMI : ruby18 (ALAS-2015-529)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2014-0917.NASL
description:
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Critical security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135)

Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76686
published: 2014-07-23
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76686
title: CentOS 6 : nspr / nss / nss-util (CESA-2014:0917)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2014-1246.NASL
description:
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.

The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions.
(BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as last seen 2020-06-01 modified 2020-06-02 plugin id 77993 published 2014-10-01 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77993 title CentOS 5 : nss (CESA-2014:1246) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_985D4D6CCFBD11E3A003B4B52FCE4CE8.NASL description The Mozilla Project reports : MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer MFSA 2014-36 Web Audio memory corruption issues MFSA 2014-37 Out of bounds read while decoding JPG images MFSA 2014-38 Buffer overflow when using non-XBL object as XBL MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video MFSA 2014-41 Out-of-bounds write in Cairo MFSA 2014-42 Privilege escalation through Web Notification API MFSA 2014-43 Cross-site scripting (XSS) using history navigations MFSA 2014-44 Use-after-free in imgLoader while resizing images MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates MFSA 2014-46 Use-after-free in nsHostResolve MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript last seen 2020-06-01 modified 2020-06-02 plugin id 73779 published 2014-04-30 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/73779 title FreeBSD : mozilla -- multiple vulnerabilities (985d4d6c-cfbd-11e3-a003-b4b52fce4ce8) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-201404-140501.NASL description This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues : - Miscellaneous memory safety hazards. (MFSA 2014-34 / CVE-2014-1518) - Out of bounds read while decoding JPG images. (MFSA 2014-37 / CVE-2014-1523) - Buffer overflow when using non-XBL object as XBL. (MFSA 2014-38 / CVE-2014-1524) - Privilege escalation through Web Notification API. (MFSA 2014-42 / CVE-2014-1529) - Cross-site scripting (XSS) using history navigations. (MFSA 2014-43 / CVE-2014-1530) - Use-after-free in imgLoader while resizing images. (MFSA 2014-44 / CVE-2014-1531) - Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16:. (MFSA 2014-46 / CVE-2014-1532) - required for Firefox 29 - In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. (CVE-2014-1492) - Update of root certificates. last seen 2020-06-05 modified 2014-05-14 plugin id 74006 published 2014-05-14 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74006 title SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 66366 CVE ID: CVE-2014-1492 NSS implements SSL v2/v3, TLS, PKCS#5, PKCS#7, PKCS#11, PKCS#12, S/MIME, X.509v3 certificates and other security standards. An error exists in the Network Security Services "sec_pkcs12_new_asafe()" function (security/nss/lib/pkcs12/p12creat.c) that allows an attacker to exploit the vulnerability to corrupt memory, crashing the application or executing arbitrary code. Network Security Services (NSS) 3.x. Network Security Services 3.16 has fixed this vulnerability; users are advised to download the update: https://www.mozilla.org/ |
id | SSV:61912 |
last seen | 2017-11-19 |
modified | 2014-03-25 |
published | 2014-03-25 |
reporter | Root |
title | Mozilla Network Security Services 'p12creat.c' memory corruption vulnerability |
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/59866
- http://secunia.com/advisories/60621
- http://secunia.com/advisories/60794
- http://www.debian.org/security/2014/dsa-2994
- http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/66356
- http://www.ubuntu.com/usn/USN-2159-1
- http://www.ubuntu.com/usn/USN-2185-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=903885
- https://bugzilla.redhat.com/show_bug.cgi?id=1079851
- https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
- https://hg.mozilla.org/projects/nss/rev/709d4e597979
- https://security.gentoo.org/glsa/201504-01