CVE-2014-1558 — Mozilla Firefox vulnerability

14 documents6 sources

Severity

4.3MEDIUMNVD

OSV10.0

EPSS

0.6%

top 31.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 23

Latest updateMay 17

Description

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 31.0+build1-0ubuntu0.14.04.1

▶Ubuntumozilla/thunderbird< 1:31.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox30.0

▶NVDmozilla/thunderbird24.7+9

🔴Vulnerability Details

GHSA

GHSA-7x7g-6wq5-m98p: Mozilla Firefox before 31↗2022-05-17

▶

GHSA

GHSA-rgg5-hwqp-j6m9: Mozilla Firefox before 31↗2022-05-17

▶

OSV

firefox vulnerabilities↗2014-07-22

▶

OSV

thunderbird vulnerabilities↗2014-07-22

▶

OSV

CVE-2014-1559: Mozilla Firefox before 31↗2014-07-22

▶

📋Vendor Advisories

Red Hat

Mozilla: Certificate parsing broken by non-standard character encoding (MFSA 2014-65)↗2014-07-22

▶

Ubuntu

Thunderbird vulnerabilities↗2014-07-22

▶

Red Hat

Mozilla: Certificate parsing broken by non-standard character encoding (MFSA 2014-65)↗2014-07-22

▶

Ubuntu

Firefox vulnerabilities↗2014-07-22

▶

💬Community

Bugzilla

CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 Mozilla: Certificate parsing broken by non-standard character encoding (MFSA 2014-65)↗2014-07-21

▶

Bugzilla

CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)↗2013-04-16

▶