Improper Restriction in Mozilla Products' Diffie-Hellman Key Exchange Mechanism
CVE-2014-1491

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services; Seamonkey; Firefox; Firefox Esr
Vendor: CVE Published:; 6 February 2014

What is CVE-2014-1491?

The vulnerability in Mozilla's Network Security Services (NSS) impacts several key products by failing to properly restrict public values during Diffie-Hellman key exchanges. This oversight allows remote attackers the possibility to exploit the handling of tickets, potentially bypassing cryptographic protection mechanisms and compromising the security of user data.

References

http://www.ubuntu.com/usn/USN-2119-1

vendor-advisoryx_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1029721

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2014
Vulnerability Reserved
Jan 16, 2014