CVE-2014-1544

Source
https://nvd.nist.gov/vuln/detail/CVE-2014-1544
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-1544.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2014-1544
Related
Published
2014-07-23T11:12:42Z
Modified
2024-10-21T13:55:03Z
Summary
[none]
Details

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

References

Affected packages

Debian:11 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:3.16.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:3.16.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:3.16.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}