Denial of Service Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-1498

Currently unrated

Summary

The vulnerability is in the crypto.generateCRMFRequest method of Mozilla Firefox versions prior to 28.0 and SeaMonkey versions before 2.25. The method does not properly validate a specific key type, which allows attackers to crash the application. Remote attackers can cause this denial of service through crafted vectors that trigger generation of a key that potentially supports the Elliptic Curve ec-dual-use algorithm.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
