CVE-2014-1492

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 25 March 2014

Summary

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2014-0012....

x_refsource_CONFIRM

http://www.debian.org/security/2014/dsa-2994

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Mar 25, 2014
Vulnerability Reserved
Jan 16, 2014