CVE-2014-1544

Priority
Description
Use-after-free vulnerability in the CERT_DestroyCertificate function in
libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in
Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before
24.7, allows remote attackers to execute arbitrary code via vectors that
trigger certain improper removal of an NSSCertificate structure from a
trust domain.
Assigned-to
mdeslaur
Package
Upstream:released (31.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (31.0+build1-0ubuntu0.14.04.1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.16.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.15.4-1ubuntu7.1)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/204f22c527f8
Upstream:https://hg.mozilla.org/projects/nss/rev/872dd4d243ac
Package
Priority: Low
Upstream:released (31.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.0+build1-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-19 12:14:15 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)