CVE-2014-1490

Mozilla Firefox < 24.3 - Use-After-Free via Session Ticket Replacement in Resumption Handshake

Title source: llm

Description

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

References (36)

Core 36

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2119-1

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/65335

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1029721

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1029717

Not Applicable x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Broken Link, URL Repurposed x_refsource_confirm

https://8pecxstudios.com/?page_id=44080

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56922

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56787

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1029720

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56858

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/102876

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-2858

Not Applicable mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=930874

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2102-2

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201504-01

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2014/mfsa2014-12.html

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Third Party Advisory x_refsource_confirm

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Not Applicable mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Dec/23

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56888

Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/90885

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2102-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56767

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=930857

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56706

Scores

EPSS 0.0157

EPSS Percentile 81.8%

Details

CWE

CWE-362

Status published

Products (21)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 12.10

canonical/ubuntu_linux 13.10

debian/debian_linux 7.0

fedoraproject/fedora 19

fedoraproject/fedora 20

mozilla/firefox < 24.3

mozilla/network_security_services < 3.15.4

mozilla/seamonkey < 2.24

mozilla/thunderbird < 24.3.0

... and 11 more

Published Feb 06, 2014

Tracked Since Feb 18, 2026