Wildcard Vulnerability in Certificate-Checking Implementation of Mozilla NSS
CVE-2014-1492

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 25 March 2014

What is CVE-2014-1492?

The cert_TestHostName function in Mozilla Network Security Services (NSS) allows the acceptance of wildcard characters within internationalized domain names' U-labels. This vulnerability poses a significant security risk, as it could enable attackers to perform man-in-the-middle attacks by presenting malicious SSL certificates that are accepted by the compromised certificate-checking mechanism.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2014-0012....

x_refsource_CONFIRM

http://www.debian.org/security/2014/dsa-2994

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2014
Vulnerability Reserved
Jan 16, 2014