Race Condition in libssl of Mozilla Products Leading to Denial of Service
CVE-2014-1490

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services; Seamonkey; Firefox; Firefox Esr
Vendor: CVE Published:; 6 February 2014

What is CVE-2014-1490?

The vulnerability in libssl of Mozilla's Network Security Services (NSS) pre-3.15.4 can be exploited via a race condition during session ticket replacement in resumption handshakes. This flaw may allow remote attackers to induce a denial of service, resulting in a use-after-free situation, and could potentially lead to other unintentional impacts on affected systems. Ensuring timely updates and patches is critical for mitigating risks associated with this vulnerability.

References

http://www.ubuntu.com/usn/USN-2119-1

vendor-advisoryx_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/65335

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2014
Vulnerability Reserved
Jan 16, 2014