PT-2014-4206 · Mozilla+4 · Firefox Esr+8

Publicado

2014-02-04

·

Atualizado

2024-12-12

·

CVE-2014-1490

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 Mozilla Firefox ESR 24.x versions prior to 24.3 Thunderbird versions prior to 24.3 SeaMonkey versions prior to 2.24 NSS versions prior to 3.15.4
Description A race condition in libssl in Mozilla Network Security Services (NSS) allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later. For Mozilla Firefox ESR 24.x versions prior to 24.3, update to version 24.3 or later. For Thunderbird versions prior to 24.3, update to version 24.3 or later. For SeaMonkey versions prior to 2.24, update to version 2.24 or later. For NSS versions prior to 3.15.4, update to version 3.15.4 or later.

Exploit

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2014-1209
ALT-PU-2014-1211
ALT-PU-2014-1212
ALT-PU-2014-1266
CESA-2014_0917
CVE-2014-1490
DSA-2858-1
OPENSUSE-SU-2014_0213-1
OPENSUSE-SU-2014_0419-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10451-1
OPENSUSE-SU-2024:14572-1
RHSA-2014:0917
RHSA-2014:1246
RHSA-2014_0917
RHSA-2014_1246

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Nss
Red Hat
Seamonkey
Suse
Thunderbird