CVE-2014-1560 — Mozilla Firefox vulnerability

10 documents6 sources

Severity

4.3MEDIUMNVD

OSV10.0

EPSS

0.6%

top 31.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 23

Latest updateMay 17

Description

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 31.0+build1-0ubuntu0.14.04.1

▶Ubuntumozilla/thunderbird< 1:31.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox30.0

▶NVDmozilla/thunderbird24.7+9

🔴Vulnerability Details

GHSA

GHSA-565p-fhwf-hq35: Mozilla Firefox before 31↗2022-05-17

▶

OSV

firefox vulnerabilities↗2014-07-22

▶

OSV

CVE-2014-1560: Mozilla Firefox before 31↗2014-07-22

▶

OSV

thunderbird vulnerabilities↗2014-07-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2014-07-22

▶

Ubuntu

Firefox vulnerabilities↗2014-07-22

▶

Red Hat

Mozilla: Certificate parsing broken by non-standard character encoding (MFSA 2014-65)↗2014-07-22

▶

💬Community

Bugzilla

CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 Mozilla: Certificate parsing broken by non-standard character encoding (MFSA 2014-65)↗2014-07-21

▶

Bugzilla

redis: insecure temporary file creation↗2014-02-24

▶