Denial of Service Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-1498

Currently unrated

Key Information:

Vendor

Suse
Status
Linux Enterprise Desktop
Linux Enterprise Server
Linux Enterprise Software Development Kit
Vendor
CVE Published:
19 March 2014

What is CVE-2014-1498?

The vulnerability resides in the crypto.generateCRMFRequest method of Mozilla Firefox versions prior to 28.0 and SeaMonkey versions before 2.25. This issue arises from improper validation of a specific key type, which can allow attackers to trigger application crashes. Through maliciously crafted vectors that prompt the generation of keys potentially supporting the Elliptic Curve ec-dual-use algorithm, remote attackers can exploit this flaw to disrupt the normal functionality of the affected applications, leading to a denial of service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.mozilla.org/security/announce/2014/mfsa2014-18...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201504-01
vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2014...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.