CVE-2014-1489

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0

Description The issue is related to errors in the implementation of access restrictions for scripts from other pages to about:home buttons. This allows remote attackers to cause a denial of service (session restore) via a crafted web site, requiring active actions from the user. The vulnerability is also related to errors in the implementation of a certain key type verification mechanism in the crypto.generateCRMFRequest method, which can cause a denial of service (application crash) when generating a key that supports the Elliptic Curve ec-dual-use algorithm.

Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the about:home buttons and avoiding the use of the crypto.generateCRMFRequest method with keys that support the Elliptic Curve ec-dual-use algorithm until a patch is available.