Home > Vulnerability Database > CVE-2014-1491

Mend.io Vulnerability Database

CVE-2014-1491

Date: February 5, 2014

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Severity Score

8.8

Related Resources (37)

Url: http://seclists.org/fulldisclosure/2014/Dec/23

Url: http://www.ubuntu.com/usn/USN-2102-1

Url: http://www.securitytracker.com/id/1029721

Url: http://hg.mozilla.org/projects/nss/rev/12c42006aed8

Url: http://www.ubuntu.com/usn/USN-2102-2

Url: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Url: http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Url: http://www.securitytracker.com/id/1029720

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-1491

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

Url: http://secunia.com/advisories/56922

Url: http://www.securityfocus.com/archive/1/534161/100/0/threaded

Url: http://secunia.com/advisories/56888

Url: http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Url: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Url: http://www.debian.org/security/2014/dsa-2994

Url: https://access.redhat.com/security/cve/CVE-2014-1491

Url: https://security-tracker.debian.org/tracker/CVE-2014-1491

Url: http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

Url: http://www.debian.org/security/2014/dsa-2858

Url: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=934545

Url: https://security.gentoo.org/glsa/201504-01

Url: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/90886

Url: http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Url: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Url: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Url: http://secunia.com/advisories/56858

Url: http://www.mozilla.org/security/announce/2014/mfsa2014-12.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1491

Url: http://www.ubuntu.com/usn/USN-2119-1

Url: http://www.securityfocus.com/bid/65332

Url: http://www.securitytracker.com/id/1029717

Url: https://www.mend.io/vulnerability-database/CVE-2014-1491

Severity Score

8.8

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-1491

Date: February 5, 2014

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?