CVE-2014-1544

Priority
Medium
Description
Use-after-free vulnerability in the CERT_DestroyCertificate function in
libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in
Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before
24.7, allows remote attackers to execute arbitrary code via vectors that
trigger certain improper removal of an NSSCertificate structure from a
trust domain.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (31.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:31.0+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):released (1:31.0+build1-0ubuntu2)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.16.2)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.15.4-0ubuntu0.10.04.3)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.15.4-0ubuntu0.12.04.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.15.4-1ubuntu7.1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (2:3.16.3-1ubuntu1)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/204f22c527f8
Upstream:https://hg.mozilla.org/projects/nss/rev/872dd4d243ac
Package
Upstream:released (31.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (31.0+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (31.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):released (31.0~b9+build1-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-09-09 15:14:29 UTC (commit 8461)