Wildcard Vulnerability in Certificate-Checking Implementation of Mozilla NSS
CVE-2014-1492

Currently unrated

Key Information:

Vendor

Mozilla
Status
Network Security Services
Vendor
CVE Published:
25 March 2014

What is CVE-2014-1492?

The cert_TestHostName function in Mozilla Network Security Services (NSS) allows the acceptance of wildcard characters within internationalized domain names' U-labels. This vulnerability poses a significant security risk, as it could enable attackers to perform man-in-the-middle attacks by presenting malicious SSL certificates that are accepted by the compromised certificate-checking mechanism.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0012....
x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2994
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.