PT-2014-4207 · Mozilla+4 · Firefox+8

Antoine Delignat-Lavaud · Published 2014-02-04 · Updated 2024-06-15 · CVE-2014-1491

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mozilla Network Security Services (NSS) versions prior to 3.15.4
Mozilla Firefox versions prior to 27.0
Firefox ESR 24.x versions prior to 24.3
Thunderbird versions prior to 24.3
SeaMonkey versions prior to 2.24

Description

The issue makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. This is due to the improper restriction of public values in Diffie-Hellman key exchanges.

Recommendations

For Mozilla Network Security Services (NSS) versions prior to 3.15.4, update to version 3.15.4 or later.
For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later.
For Firefox ESR 24.x versions prior to 24.3, update to version 24.3 or later.
For Thunderbird versions prior to 24.3, update to version 24.3 or later.
For SeaMonkey versions prior to 2.24, update to version 2.24 or later.

Exploit

Fix

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1209
ALT-PU-2014-1211
ALT-PU-2014-1212
ALT-PU-2014-1266
CESA-2014_0917
CVE-2014-1491
DLA-23-1
DSA-2858-1
DSA-2994-1
OPENSUSE-SU-2014_0213-1
OPENSUSE-SU-2014_0419-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10451-1
RHSA-2014:0917
RHSA-2014:0979
RHSA-2014:1246
RHSA-2014_0917
RHSA-2014_1246

Affected Products

ALT Linux
CentOS
Firefox
Firefox ESR
Network Security Services
Red Hat
SeaMonkey
SUSE
Thunderbird