Certificate Verification Issue in Mozilla Network Security Services (NSS)
CVE-2013-5606

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 18 November 2013

What is CVE-2013-5606?

A flaw in the CERT_VerifyCert function of Mozilla Network Security Services (NSS) prior to version 3.15.3 can yield unexpected results with certain key-usage certificates. This vulnerability enables remote attackers to potentially bypass essential access controls by supplying specially crafted certificates that interact improperly with the CERTVerifyLog parameters. Proper scrutiny of certificates is critical for maintaining system integrity and securing user communications, making immediate attention to this issue vital for affected users.

References

http://www.securityfocus.com/bid/63737

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2013
Vulnerability Reserved
Aug 26, 2013

JSON