CVE-2014-1490

Priority
Medium
Description
Race condition in libssl in Mozilla Network Security Services (NSS) before
3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before
24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products,
allows remote attackers to cause a denial of service (use-after-free) or
possibly have unspecified other impact via vectors involving a resumption
handshake that triggers incorrect replacement of a session ticket.
References
Assigned-to
chrisccoulson
Package
Upstream:released (24.3.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.3.0+build2-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (1:24.3.0+build2-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander):released (1:24.3.0+build2-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.4.0+build1-0ubuntu1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.15.4)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:released (27.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (27.0+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (27.0+build1-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander):released (27.0+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2014-03-25 19:14:37 UTC (commit 7872)