Use-After-Free Vulnerability in Mozilla Network Security Services Affects Firefox and Thunderbird
CVE-2014-1544

Currently unrated

Key Information:

Vendor

Mozilla
Status
Network Security Services
Firefox Esr
Thunderbird
Firefox
Vendor
CVE Published:
23 July 2014

What is CVE-2014-1544?

A use-after-free vulnerability located in the CERT_DestroyCertificate function of libnss3.so within Mozilla Network Security Services (NSS) can lead to severe security risks. This flaw affects various versions of Firefox and Thunderbird, allowing remote attackers to execute arbitrary code through specially crafted requests that improperly manipulate an NSSCertificate structure, enabling unauthorized access and exploitation of the affected systems.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://secunia.com/advisories/59719
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60083
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-1544 : Use-After-Free Vulnerability in Mozilla Network Security Services Affects Firefox and Thunderbird