CVE-2014-1490

high

Description

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

References

https://security.gentoo.org/glsa/201504-01

https://exchange.xforce.ibmcloud.com/vulnerabilities/90885

https://bugzilla.mozilla.org/show_bug.cgi?id=930874

https://bugzilla.mozilla.org/show_bug.cgi?id=930857

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www.ubuntu.com/usn/USN-2119-1

http://www.ubuntu.com/usn/USN-2102-2

http://www.ubuntu.com/usn/USN-2102-1

http://www.securitytracker.com/id/1029721

http://www.securitytracker.com/id/1029720

http://www.securitytracker.com/id/1029717

http://www.securityfocus.com/bid/65335

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.mozilla.org/security/announce/2014/mfsa2014-12.html

http://www.debian.org/security/2014/dsa-2858

http://secunia.com/advisories/56922

http://secunia.com/advisories/56888

http://secunia.com/advisories/56858

http://secunia.com/advisories/56787

http://secunia.com/advisories/56767

http://secunia.com/advisories/56706

http://seclists.org/fulldisclosure/2014/Dec/23

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Details

Source: Mitre, NVD

Published: 2014-02-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High