User: Password:
|
|
Subscribe / Log in / New account

thunderbird: multiple vulnerabilities

Package(s):thunderbird CVE #(s):CVE-2014-1490 CVE-2014-1491
Created:February 7, 2014 Updated:February 20, 2014
Description:

From the CVE entries:

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. (CVE-2014-1490).

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. (CVE-2014-1491).

Alerts:
Gentoo 201504-01 firefox 2015-04-07
CentOS CESA-2014:1246 nss, nspr 2014-09-30
Scientific Linux SLSA-2014:1246-1 nss and nspr 2014-09-26
Oracle ELSA-2014-1246 nss, nspr 2014-09-17
Red Hat RHSA-2014:1246-01 nss, nspr 2014-09-16
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Debian DSA-2994-1 nss 2014-07-31
Scientific Linux SLSA-2014:0917-1 nss and nspr 2014-07-22
Oracle ELSA-2014-0917 nss, nspr 2014-07-22
Red Hat RHSA-2014:0917-01 nss, nspr 2014-07-22
openSUSE openSUSE-SU-2014:0419-1 Mozilla 2014-03-21
Ubuntu USN-2102-2 firefox 2014-02-19
Ubuntu USN-2119-1 thunderbird 2014-02-19
SUSE SUSE-SU-2014:0248-2 firefox 2014-02-19
SUSE SUSE-SU-2014:0248-1 firefox 2014-02-18
Ubuntu USN-2102-1 firefox 2014-02-10
Slackware SSA:2014-039-02 thunderbird 2014-02-08
Debian DSA-2858-1 iceweasel 2014-02-10
openSUSE openSUSE-SU-2014:0212-1 firefox 2014-02-08
Fedora FEDORA-2014-2041 thunderbird 2014-02-07
openSUSE openSUSE-SU-2014:0213-1 Mozilla 2014-02-08

(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds