the original cloud security
Showing 1 - 5 of 5 RSS Feed

CVE-2014-1490

Status Candidate

Overview

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Related Files

Red Hat Security Advisory 2014-1246-01
Posted Sep 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1246-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545
MD5 | 2370ddfc5ea1d05fa98099be4cbf5906
Red Hat Security Advisory 2014-0917-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545
MD5 | 125563ddbb4d52dd83f64bf8258af734
Ubuntu Security Notice USN-2119-1
Posted Feb 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2119-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1477, CVE-2014-1479, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1481, CVE-2013-6674, CVE-2013-6674, CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
MD5 | 2cb102f8f2600e0ade905206f10b0a4e
Ubuntu Security Notice USN-2102-1
Posted Feb 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2102-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1489, CVE-2014-1488, CVE-2014-1481, CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491
MD5 | b33c5d48b35dca835b2c227df12787fb
Debian Security Advisory 2858-1
Posted Feb 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2858-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library.

tags | advisory, arbitrary, crypto, info disclosure
systems | linux, debian
advisories | CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
MD5 | 7c95e9c314d9ac41d59aec472283e65a
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close