Details of VAR-201409-0340

ID

VAR-201409-0340

CVE

CVE-2014-1568

TITLE

Mozilla Network Security Services (NSS) fails to properly verify RSA signatures

Trust: 0.8

sources: CERT/CC: VU#772676

DESCRIPTION

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Mozilla Network Security Services (NSS) The library contains DigestInfo There is a problem with the processing of RSA A vulnerability exists that does not properly verify signatures. Mozilla Network Security Services (NSS) Implemented by the library DigestInfo There is a vulnerability in the processing of. BER Encoded DigestInfo When parsing a field, the parsing of padded bytes is bypassed, PKCS#1 v1.5 Formal RSA Signature forgery may not be detected (CWE-295) . CWE-295: Improper Certificate Validation http://cwe.mitre.org/data/definitions/295.html This vulnerability 2006 Announced in the year Bleichenbacher vulnerability It is a kind of. Bleichenbacher vulnerability http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html Mozilla NSS Is plural Linux Distributions and packages, and Google Chrome And Google Chrome OS It is used in etc. Other vulnerable libraries and products may have similar vulnerable implementations.SSL Certificate etc. RSA The signature may be forged. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates (CVE-2014-1568). The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568 https://www.mozilla.org/security/announce/2014/mfsa2014-73.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: d532128922a8701f24f1d1a22b8e544c mbs1/x86_64/lib64nspr4-4.10.7-1.mbs1.x86_64.rpm 86c469bff7f47669ecfbe711fced774c mbs1/x86_64/lib64nspr-devel-4.10.7-1.mbs1.x86_64.rpm a5384df3378e1d282d24520fe9234804 mbs1/x86_64/lib64nss3-3.17.1-1.mbs1.x86_64.rpm 63722882484c4e4a4b438ddb33911fe8 mbs1/x86_64/lib64nss-devel-3.17.1-1.mbs1.x86_64.rpm 5a9c51abf5c3650926e4cdb8997ec2b1 mbs1/x86_64/lib64nss-static-devel-3.17.1-1.mbs1.x86_64.rpm 8b639de0098277bc211ed8b9f83c9516 mbs1/x86_64/nss-3.17.1-1.mbs1.x86_64.rpm edd4b951a0f68c4264137489f0dada31 mbs1/x86_64/nss-doc-3.17.1-1.mbs1.noarch.rpm 32f6ffafd4984d00b01b43e9b38fe344 mbs1/x86_64/rootcerts-20140805.00-1.mbs1.x86_64.rpm fa908930395265a0dbad1029252679ef mbs1/x86_64/rootcerts-java-20140805.00-1.mbs1.x86_64.rpm fb338172cf421a95728ec28412d2fed1 mbs1/SRPMS/nspr-4.10.7-1.mbs1.src.rpm 3c721493672c05aa7960aca11e3b1533 mbs1/SRPMS/nss-3.17.1-1.mbs1.src.rpm 8b79fa2baeaac0b531d7cb01c5a419b4 mbs1/SRPMS/rootcerts-20140805.00-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUI8eWmqjQ0CJFipgRAsdxAJ4r/Y2zGrBkhKZhJ03LZA0ftgiU3QCgu8eh cZVDnrGL7yJkMqWtAZmkh7A= =5QVQ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: rhev-hypervisor6 security update Advisory ID: RHSA-2014:1354-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1354.html Issue date: 2014-10-02 CVE Names: CVE-2014-1568 CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 ===================================================================== 1. Summary: An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV-M 3.4 - noarch 3. Description: The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271) It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169) A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. (CVE-2014-1568) It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186) An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package. 4. Solution: This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht ml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente rprise_Virtualization_Hypervisors.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands 1145429 - CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73) 1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271) 1146791 - CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack 1146804 - CVE-2014-7187 bash: off-by-one error in deeply nested flow control constructs 6. Package List: RHEV-M 3.4: Source: rhev-hypervisor6-6.5-20140930.1.el6ev.src.rpm noarch: rhev-hypervisor6-6.5-20140930.1.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-1568.html https://www.redhat.com/security/data/cve/CVE-2014-6271.html https://www.redhat.com/security/data/cve/CVE-2014-7169.html https://www.redhat.com/security/data/cve/CVE-2014-7186.html https://www.redhat.com/security/data/cve/CVE-2014-7187.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFULad7XlSAg2UNWIIRArccAJ95pkvG2fyfrI6g4Ve/+fAdnbQq2QCffmYR IH3VLRMcNTi5Gr1GmWlBiFg= =DD5a -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201504-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Products: Multiple vulnerabilities Date: April 07, 2015 Bugs: #489796, #491234, #493850, #500320, #505072, #509050, #512896, #517876, #522020, #523652, #525474, #531408, #536564, #541316, #544056 ID: 201504-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Background ========== Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the =E2=80=98Mozilla Application Suite=E2=80=99. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 31.5.3 >= 31.5.3 2 www-client/firefox-bin < 31.5.3 >= 31.5.3 3 mail-client/thunderbird < 31.5.0 >= 31.5.0 4 mail-client/thunderbird-bin < 31.5.0 >= 31.5.0 5 www-client/seamonkey < 2.33.1 >= 2.33.1 6 www-client/seamonkey-bin < 2.33.1 >= 2.33.1 7 dev-libs/nspr < 4.10.6 >= 4.10.6 ------------------------------------------------------------------- 7 affected packages Description =========== Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround ========== There are no known workarounds at this time. Resolution ========== All firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-31.5.3" All firefox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-31.5.3" All thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-31.5.0"= All thunderbird-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-31.5.0" All seamonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.33.1" All seamonkey-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/seamonkey-bin-2.33.1" All nspr users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nspr-4.10.6" References ========== [ 1 ] CVE-2013-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741 [ 2 ] CVE-2013-2566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566 [ 3 ] CVE-2013-5590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590 [ 4 ] CVE-2013-5591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591 [ 5 ] CVE-2013-5592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592 [ 6 ] CVE-2013-5593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593 [ 7 ] CVE-2013-5595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595 [ 8 ] CVE-2013-5596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596 [ 9 ] CVE-2013-5597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597 [ 10 ] CVE-2013-5598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598 [ 11 ] CVE-2013-5599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599 [ 12 ] CVE-2013-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600 [ 13 ] CVE-2013-5601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601 [ 14 ] CVE-2013-5602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602 [ 15 ] CVE-2013-5603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603 [ 16 ] CVE-2013-5604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604 [ 17 ] CVE-2013-5605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605 [ 18 ] CVE-2013-5606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606 [ 19 ] CVE-2013-5607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607 [ 20 ] CVE-2013-5609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609 [ 21 ] CVE-2013-5610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610 [ 22 ] CVE-2013-5612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612 [ 23 ] CVE-2013-5613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613 [ 24 ] CVE-2013-5614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614 [ 25 ] CVE-2013-5615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615 [ 26 ] CVE-2013-5616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616 [ 27 ] CVE-2013-5618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618 [ 28 ] CVE-2013-5619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619 [ 29 ] CVE-2013-6671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671 [ 30 ] CVE-2013-6672 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672 [ 31 ] CVE-2013-6673 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673 [ 32 ] CVE-2014-1477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477 [ 33 ] CVE-2014-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478 [ 34 ] CVE-2014-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479 [ 35 ] CVE-2014-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480 [ 36 ] CVE-2014-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481 [ 37 ] CVE-2014-1482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482 [ 38 ] CVE-2014-1483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483 [ 39 ] CVE-2014-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485 [ 40 ] CVE-2014-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486 [ 41 ] CVE-2014-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487 [ 42 ] CVE-2014-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488 [ 43 ] CVE-2014-1489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489 [ 44 ] CVE-2014-1490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490 [ 45 ] CVE-2014-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491 [ 46 ] CVE-2014-1492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492 [ 47 ] CVE-2014-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493 [ 48 ] CVE-2014-1494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494 [ 49 ] CVE-2014-1496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496 [ 50 ] CVE-2014-1497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497 [ 51 ] CVE-2014-1498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498 [ 52 ] CVE-2014-1499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499 [ 53 ] CVE-2014-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500 [ 54 ] CVE-2014-1502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502 [ 55 ] CVE-2014-1505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505 [ 56 ] CVE-2014-1508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508 [ 57 ] CVE-2014-1509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509 [ 58 ] CVE-2014-1510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510 [ 59 ] CVE-2014-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511 [ 60 ] CVE-2014-1512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512 [ 61 ] CVE-2014-1513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513 [ 62 ] CVE-2014-1514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514 [ 63 ] CVE-2014-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518 [ 64 ] CVE-2014-1519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519 [ 65 ] CVE-2014-1520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520 [ 66 ] CVE-2014-1522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522 [ 67 ] CVE-2014-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523 [ 68 ] CVE-2014-1524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524 [ 69 ] CVE-2014-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525 [ 70 ] CVE-2014-1526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526 [ 71 ] CVE-2014-1529 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529 [ 72 ] CVE-2014-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530 [ 73 ] CVE-2014-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531 [ 74 ] CVE-2014-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532 [ 75 ] CVE-2014-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533 [ 76 ] CVE-2014-1534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534 [ 77 ] CVE-2014-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536 [ 78 ] CVE-2014-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537 [ 79 ] CVE-2014-1538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538 [ 80 ] CVE-2014-1539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539 [ 81 ] CVE-2014-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540 [ 82 ] CVE-2014-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541 [ 83 ] CVE-2014-1542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542 [ 84 ] CVE-2014-1543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543 [ 85 ] CVE-2014-1544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544 [ 86 ] CVE-2014-1545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545 [ 87 ] CVE-2014-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547 [ 88 ] CVE-2014-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548 [ 89 ] CVE-2014-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549 [ 90 ] CVE-2014-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550 [ 91 ] CVE-2014-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551 [ 92 ] CVE-2014-1552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552 [ 93 ] CVE-2014-1553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553 [ 94 ] CVE-2014-1554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554 [ 95 ] CVE-2014-1555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555 [ 96 ] CVE-2014-1556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556 [ 97 ] CVE-2014-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557 [ 98 ] CVE-2014-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558 [ 99 ] CVE-2014-1559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559 [ 100 ] CVE-2014-1560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560 [ 101 ] CVE-2014-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561 [ 102 ] CVE-2014-1562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562 [ 103 ] CVE-2014-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563 [ 104 ] CVE-2014-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564 [ 105 ] CVE-2014-1565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565 [ 106 ] CVE-2014-1566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566 [ 107 ] CVE-2014-1567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567 [ 108 ] CVE-2014-1568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568 [ 109 ] CVE-2014-1574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574 [ 110 ] CVE-2014-1575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575 [ 111 ] CVE-2014-1576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576 [ 112 ] CVE-2014-1577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577 [ 113 ] CVE-2014-1578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578 [ 114 ] CVE-2014-1580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580 [ 115 ] CVE-2014-1581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581 [ 116 ] CVE-2014-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582 [ 117 ] CVE-2014-1583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583 [ 118 ] CVE-2014-1584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584 [ 119 ] CVE-2014-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585 [ 120 ] CVE-2014-1586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586 [ 121 ] CVE-2014-1587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587 [ 122 ] CVE-2014-1588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588 [ 123 ] CVE-2014-1589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589 [ 124 ] CVE-2014-1590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590 [ 125 ] CVE-2014-1591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591 [ 126 ] CVE-2014-1592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592 [ 127 ] CVE-2014-1593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593 [ 128 ] CVE-2014-1594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594 [ 129 ] CVE-2014-5369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369 [ 130 ] CVE-2014-8631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631 [ 131 ] CVE-2014-8632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632 [ 132 ] CVE-2014-8634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634 [ 133 ] CVE-2014-8635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635 [ 134 ] CVE-2014-8636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636 [ 135 ] CVE-2014-8637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637 [ 136 ] CVE-2014-8638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638 [ 137 ] CVE-2014-8639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639 [ 138 ] CVE-2014-8640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640 [ 139 ] CVE-2014-8641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641 [ 140 ] CVE-2014-8642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642 [ 141 ] CVE-2015-0817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817 [ 142 ] CVE-2015-0818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818 [ 143 ] CVE-2015-0819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819 [ 144 ] CVE-2015-0820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820 [ 145 ] CVE-2015-0821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821 [ 146 ] CVE-2015-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822 [ 147 ] CVE-2015-0823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823 [ 148 ] CVE-2015-0824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824 [ 149 ] CVE-2015-0825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825 [ 150 ] CVE-2015-0826 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826 [ 151 ] CVE-2015-0827 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827 [ 152 ] CVE-2015-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828 [ 153 ] CVE-2015-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829 [ 154 ] CVE-2015-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830 [ 155 ] CVE-2015-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831 [ 156 ] CVE-2015-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832 [ 157 ] CVE-2015-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833 [ 158 ] CVE-2015-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834 [ 159 ] CVE-2015-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835 [ 160 ] CVE-2015-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836 [ 161 ] VE-2014-1504 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201504-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2360-1 September 24, 2014 firefox vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. Software Description: - firefox: Mozilla Open Source web browser Details: Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: firefox 32.0.3+build1-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 32.0.3+build1-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. For the stable distribution (wheezy), this problem has been fixed in version 24.8.1esr-1~deb7u1. For the testing distribution (jessie) and unstable distribution (sid), Iceweasel uses the system NSS library, handled in DSA 3033-1. We recommend that you upgrade your iceweasel packages

Trust: 3.06

sources: NVD: CVE-2014-1568 // CERT/CC: VU#772676 // JVNDB: JVNDB-2014-004409 // VULHUB: VHN-69507 // VULMON: CVE-2014-1568 // PACKETSTORM: 128471 // PACKETSTORM: 128404 // PACKETSTORM: 128537 // PACKETSTORM: 131314 // PACKETSTORM: 128391 // PACKETSTORM: 128401

AFFECTED PRODUCTS

vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.15.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.10	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.5.0.8	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.3	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	31.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	32.0.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	32.0.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.13	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.16	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	31.0	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.5.0.9	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.6	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.11	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.14	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.24	Trust: 1.0
vendor:	google	model:	chrome	scope:	lte	version:	37.0.2062.120	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.12	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.13	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.9	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.3.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.16	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.25	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.19	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lte	version:	32.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.7.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.7.3	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.8	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.22	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	lte	version:	24.8.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15.4	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.14.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.20	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.10	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.4	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.14.5	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.7	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.7	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.10	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.13	Trust: 1.0
vendor:	mozilla	model:	firefox esr	scope:	eq	version:	24.8.0	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.10	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.12	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.13.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.3	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	lte	version:	2.29	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.6	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.14.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.8	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.26	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.14	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.4.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.11	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.4	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.15	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.8	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.16	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.4	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.14	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.7	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	31.1.0	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	31.1.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.7.7	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.11.5	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.17	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.10.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.9	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15.5	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.21	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.6	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.22.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.7	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.11.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.23	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.100	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.6	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.19	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.14.3	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	*	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.17	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.16.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15.3.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.7	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.6	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.3	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.12.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.12	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.20	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.18	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.5	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.7.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	lte	version:	37.0.2062.103	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.16.4	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.16.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.15	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.9	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.11.4	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.14.4	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.7.5	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.3.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.11.3	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	lte	version:	3.16.2.0	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.13.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.14	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.9	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.12.5	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.8	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.11	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.18	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.8	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.15.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.102	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.17.1	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.16.3	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.16.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.9	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.5.0.10	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	31.1.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.5	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.5	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.4.2	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.15.3	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1	Trust: 1.0
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.11	Trust: 1.0
vendor:	google	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mozilla	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	37.0.2062.124 earlier	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	os 37.0.2062.120 (platform version: 5978.98.1/5978.98.2) earlier	Trust: 0.8
vendor:	mozilla	model:	firefox	scope:	lt	version:	32.0.3 earlier	Trust: 0.8
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	24.8.1 earlier	Trust: 0.8
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	31.1.1 earlier	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.16.2.1 earlier	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.16.5 earlier	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.17.1 earlier	Trust: 0.8
vendor:	mozilla	model:	seamonkey	scope:	lt	version:	2.29.1 earlier	Trust: 0.8
vendor:	mozilla	model:	thunderbird	scope:	lt	version:	24.8.1 earlier	Trust: 0.8
vendor:	mozilla	model:	thunderbird	scope:	lt	version:	31.1.2 earlier	Trust: 0.8
vendor:	oracle	model:	communications applications	scope:	lte	version:	of oracle communications messaging server 7.0.5.33.0	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle directory server enterprise edition 11.1.1.7	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle directory server enterprise edition 7.0	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle opensso 3.0-05	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle traffic director 11.1.1.7.0	Trust: 0.8
vendor:	oracle	model:	glassfish server	scope:	eq	version:	2.1.1	Trust: 0.8
vendor:	oracle	model:	iplanet web proxy server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	6.1	Trust: 0.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	7.0	Trust: 0.8

sources: CERT/CC: VU#772676 // JVNDB: JVNDB-2014-004409 // NVD: CVE-2014-1568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1568
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-1568
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2014-004409
value:	HIGH
Trust: 0.8
VULHUB:	VHN-69507
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-1568
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-1568
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2014-1568
severity:	HIGH
baseScore:	8.8
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2014-004409
severity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-69507
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#772676 // VULHUB: VHN-69507 // VULMON: CVE-2014-1568 // JVNDB: JVNDB-2014-004409 // NVD: CVE-2014-1568

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-69507 // JVNDB: JVNDB-2014-004409 // NVD: CVE-2014-1568

THREAT TYPE

remote

Trust: 0.3

sources: PACKETSTORM: 128438 // PACKETSTORM: 128537 // PACKETSTORM: 128629

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 131314

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004409

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#772676 // VULHUB: VHN-69507

PATCH

title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update_24.html	Trust: 0.8
title:	Stable Channel Update for Chrome OS	url:	http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update-for-chrome-os_24.html	Trust: 0.8
title:	bug#1069405	url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1069405	Trust: 0.8
title:	bug#1064636	url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1064636	Trust: 0.8
title:	Network Security Services	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS	Trust: 0.8
title:	NSS Releases	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases	Trust: 0.8
title:	Mozilla Foundation セキュリティアドバイザリ 2014-73	url:	http://www.mozilla-japan.org/security/announce/2014/mfsa2014-73.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - January 2015	url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixEM	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - April 2015	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2015	url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 0.8
title:	RHSA-2014:1307	url:	https://rhn.redhat.com/errata/RHSA-2014-1307.html	Trust: 0.8
title:	RHSA-2014:1371	url:	https://rhn.redhat.com/errata/RHSA-2014-1371.html	Trust: 0.8
title:	RHSA-2014:1354	url:	https://rhn.redhat.com/errata/RHSA-2014-1354.html	Trust: 0.8
title:	July 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2015_critical_patch_update	Trust: 0.8
title:	January 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update	Trust: 0.8
title:	April 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/april_2015_critical_patch_update	Trust: 0.8
title:	JSA10698	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698&actp=search	Trust: 0.8
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2361-1	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2360-2	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2360-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3037-1 icedove -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0cdafb45f65b45c32ba28a252cf69aca	Trust: 0.1
title:	Debian Security Advisories: DSA-3033-1 nss -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=95a616cbe615a00b3319e7f0c0cc52a9	Trust: 0.1
title:	Debian Security Advisories: DSA-3034-1 iceweasel -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0b8977bbd67dd6b7595c4a471981c654	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-422	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-422	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-423	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-423	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2014-73	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2014-73	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-424	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-424	Trust: 0.1
title:	Red Hat: CVE-2014-1568	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-1568	Trust: 0.1
title:	Symantec Security Advisories: SA84 : BERserk NSS Signature Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=f467357487965e566960830bb4f9f807	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4a692d6d60aa31507cb101702b494c51	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	Publications	url:	https://github.com/abazhaniuk/Publications	Trust: 0.1

sources: VULMON: CVE-2014-1568 // JVNDB: JVNDB-2014-004409

EXTERNAL IDS

db:	CERT/CC	id:	VU#772676	Trust: 2.8
db:	NVD	id:	CVE-2014-1568	Trust: 2.8
db:	JUNIPER	id:	JSA10761	Trust: 1.2
db:	JUNIPER	id:	JSA10698	Trust: 1.2
db:	SECUNIA	id:	61540	Trust: 1.2
db:	SECUNIA	id:	61575	Trust: 1.2
db:	SECUNIA	id:	61583	Trust: 1.2
db:	SECUNIA	id:	61574	Trust: 1.2
db:	SECUNIA	id:	61576	Trust: 1.2
db:	BID	id:	70116	Trust: 1.2
db:	JVN	id:	JVNVU94190107	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004409	Trust: 0.8
db:	PACKETSTORM	id:	128537	Trust: 0.2
db:	PACKETSTORM	id:	128391	Trust: 0.2
db:	PACKETSTORM	id:	128629	Trust: 0.2
db:	PACKETSTORM	id:	128401	Trust: 0.2
db:	PACKETSTORM	id:	128471	Trust: 0.2
db:	PACKETSTORM	id:	128404	Trust: 0.2
db:	PACKETSTORM	id:	128438	Trust: 0.2
db:	PACKETSTORM	id:	128389	Trust: 0.1
db:	PACKETSTORM	id:	128390	Trust: 0.1
db:	PACKETSTORM	id:	128400	Trust: 0.1
db:	CNNVD	id:	CNNVD-201409-965	Trust: 0.1
db:	VULHUB	id:	VHN-69507	Trust: 0.1
db:	VULMON	id:	CVE-2014-1568	Trust: 0.1
db:	PACKETSTORM	id:	131314	Trust: 0.1

sources: CERT/CC: VU#772676 // VULHUB: VHN-69507 // VULMON: CVE-2014-1568 // PACKETSTORM: 128471 // PACKETSTORM: 128404 // PACKETSTORM: 128438 // PACKETSTORM: 128537 // PACKETSTORM: 131314 // PACKETSTORM: 128391 // PACKETSTORM: 128629 // PACKETSTORM: 128401 // JVNDB: JVNDB-2014-004409 // NVD: CVE-2014-1568

REFERENCES

url:	http://www.mozilla.org/security/announce/2014/mfsa2014-73.html	Trust: 2.9
url:	http://www.kb.cert.org/vuls/id/772676	Trust: 2.1
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1069405	Trust: 2.0
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1064636	Trust: 2.0
url:	http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html	Trust: 1.6
url:	https://security.gentoo.org/glsa/201504-01	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2014-1307.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2014-1354.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2014-1371.html	Trust: 1.3
url:	http://www.ubuntu.com/usn/usn-2360-1	Trust: 1.3
url:	http://www.securityfocus.com/bid/70116	Trust: 1.2
url:	http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html	Trust: 1.2
url:	http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html	Trust: 1.2
url:	http://www.novell.com/support/kb/doc.php?id=7015701	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.2
url:	http://www.debian.org/security/2014/dsa-3033	Trust: 1.2
url:	http://www.debian.org/security/2014/dsa-3034	Trust: 1.2
url:	http://www.debian.org/security/2014/dsa-3037	Trust: 1.2
url:	http://secunia.com/advisories/61540	Trust: 1.2
url:	http://secunia.com/advisories/61574	Trust: 1.2
url:	http://secunia.com/advisories/61575	Trust: 1.2
url:	http://secunia.com/advisories/61576	Trust: 1.2
url:	http://secunia.com/advisories/61583	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-2360-2	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-2361-1	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96194	Trust: 1.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 1.1
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10761	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1568	Trust: 0.9
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss	Trust: 0.8
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_releases	Trust: 0.8
url:	https://www.ietf.org/rfc/rfc2313.txt	Trust: 0.8
url:	http://en.wikipedia.org/wiki/pkcs#1	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94190107/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1568	Trust: 0.8
url:	https://tools.ietf.org/html/rfc2313	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1568	Trust: 0.7
url:	http://www.debian.org/security/	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://www.redhat.com/security/data/cve/cve-2014-1568.html	Trust: 0.3
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	http://www.debian.org/security/faq	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 0.1
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10761	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/310.html	Trust: 0.1
url:	https://usn.ubuntu.com/2361-1/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-1568	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-7169.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-7186.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7186	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-7187.html	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/ht	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7169	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6271	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-6271.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7187	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1482	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1541	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1539	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1568	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5599	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1510	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1529	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6671	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1550	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8631	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5593	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0834	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1500	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5613	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1480	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1491	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1512	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1560	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1534	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1581	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1479	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1494	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5600	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5600	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5595	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1478	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1580	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1594	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1502	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8634	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0821	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0833	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6672	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8641	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1477	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0828	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1538	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1526	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0823	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5609	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1576	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6673	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5604	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1741	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5595	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1486	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1567	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5607	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1564	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5616	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1563	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8640	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1561	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1485	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5597	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0831	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1505	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1525	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0819	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1583	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0829	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8636	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5598	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1481	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8639	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0817	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1536	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0825	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1489	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1497	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5591	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1542	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5602	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1578	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0826	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5618	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5590	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5603	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1511	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0832	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5612	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1543	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1577	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5601	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1498	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1524	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1584	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1565	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5605	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5615	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5605	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8635	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5593	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1514	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1531	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0830	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0822	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1533	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5619	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5613	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5615	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5369	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1488	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1532	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1559	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0835	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5618	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1493	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1588	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5596	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1530	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1522	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1593	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1513	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5597	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0818	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1487	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1519	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1523	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1540	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1586	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1518	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5592	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5601	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1741	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1490	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1582	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5596	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8637	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1483	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1499	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5619	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0827	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5604	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0836	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5609	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5614	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5598	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1509	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1537	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1545	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0820	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1554	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5616	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1575	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5614	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5590	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1492	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.14.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.12.04.1	Trust: 0.1

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 128438 // PACKETSTORM: 128537 // PACKETSTORM: 128629

SOURCES

db:	CERT/CC	id:	VU#772676
db:	VULHUB	id:	VHN-69507
db:	VULMON	id:	CVE-2014-1568
db:	PACKETSTORM	id:	128471
db:	PACKETSTORM	id:	128404
db:	PACKETSTORM	id:	128438
db:	PACKETSTORM	id:	128537
db:	PACKETSTORM	id:	131314
db:	PACKETSTORM	id:	128391
db:	PACKETSTORM	id:	128629
db:	PACKETSTORM	id:	128401
db:	JVNDB	id:	JVNDB-2014-004409
db:	NVD	id:	CVE-2014-1568

LAST UPDATE DATE

2025-08-11T21:44:06.460000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#772676	date:	2014-09-24T00:00:00
db:	VULHUB	id:	VHN-69507	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2014-1568	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-004409	date:	2015-12-02T00:00:00
db:	NVD	id:	CVE-2014-1568	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#772676	date:	2014-09-24T00:00:00
db:	VULHUB	id:	VHN-69507	date:	2014-09-25T00:00:00
db:	VULMON	id:	CVE-2014-1568	date:	2014-09-25T00:00:00
db:	PACKETSTORM	id:	128471	date:	2014-09-30T00:19:30
db:	PACKETSTORM	id:	128404	date:	2014-09-25T15:14:25
db:	PACKETSTORM	id:	128438	date:	2014-09-26T14:41:23
db:	PACKETSTORM	id:	128537	date:	2014-10-03T00:57:40
db:	PACKETSTORM	id:	131314	date:	2015-04-07T16:00:47
db:	PACKETSTORM	id:	128391	date:	2014-09-25T00:06:28
db:	PACKETSTORM	id:	128629	date:	2014-10-10T23:23:00
db:	PACKETSTORM	id:	128401	date:	2014-09-25T15:11:57
db:	JVNDB	id:	JVNDB-2014-004409	date:	2014-09-26T00:00:00
db:	NVD	id:	CVE-2014-1568	date:	2014-09-25T17:55:04.387