PT-2014-1379 · Mozilla+6 · Seamonkey+10
Published: 2014-09-20 · Updated: 2025-12-03
CVE-2014-1568
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Mozilla Network Security Services (NSS) versions prior to 3.16.2.1
Mozilla Firefox versions prior to 32.0.3
Mozilla Firefox ESR versions prior to 24.8.1 and 31.x prior to 31.1.1
Mozilla Thunderbird versions prior to 24.8.1 and 31.x prior to 31.1.2
Mozilla SeaMonkey versions prior to 2.29.1
Google Chrome versions prior to 37.0.2062.124 on Windows and OS X
Google Chrome OS versions prior to 37.0.2062.120
Description
The issue exists due to incorrect parsing of ASN.1 values in X.509 certificates, which allows remote attackers to spoof RSA signatures via a crafted certificate. This is also known as a "signature malleability" issue.
Recommendations
For Mozilla Network Security Services (NSS) versions prior to 3.16.2.1, update to version 3.16.2.1 or later.
For Mozilla Firefox versions prior to 32.0.3, update to version 32.0.3 or later.
For Mozilla Firefox ESR versions prior to 24.8.1 and 31.x prior to 31.1.1, update to version 24.8.1 or later, or to 31.1.1 or later for the 31.x series.
For Mozilla Thunderbird versions prior to 24.8.1 and 31.x prior to 31.1.2, update to version 24.8.1 or later, or to 31.1.2 or later for the 31.x series.
For Mozilla SeaMonkey versions prior to 2.29.1, update to version 2.29.1 or later.
For Google Chrome versions prior to 37.0.2062.124 on Windows and OS X, update to version 37.0.2062.124 or later.
For Google Chrome OS versions prior to 37.0.2062.120, update to version 37.0.2062.120 or later.
Affected Products
ALT Linux
CentOS
Firefox
Firefox ESR
Google Chrome
Network Security Services
Red Hat
SeaMonkey
SUSE
Thunderbird
Ubuntu