Oracle Solaris 11: CVE-2014-1490 (11.2 SRU 5.5.0)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | February 06, 2014 | May 29, 2017 | January 04, 2018 |
Description
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
oracle-solaris-11-2-upgrade-database-sqlite-3-3-8-2-0-175-2-5-0-4-0Related Vulnerabilities
- SUSE Linux Security Advisory: SUSE-SU-2014:1100-1
- MFSA2014-12 Thunderbird: NSS ticket handling issues (CVE-2014-1490)
- USN-2102-1: Firefox vulnerabilities
- Sun Patch: NSS_NSPR_JSS 3.35 Solaris: NSPR 4.18 / NSS 3.35 / JSS 4.3.2 Mainte
- Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
- SUSE: CVE-2014-1490: SUSE Linux Security Advisory
- F5 Networks: K16716 (CVE-2014-1490): Multiple Mozilla NSS vulnerabilities
- Sun Patch: NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2
- Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
- MFSA2014-12 SeaMonkey: NSS ticket handling issues (CVE-2014-1490)
- RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
- RHSA-2014:0917: nss and nspr security, bug fix, and enhancement update
- Gentoo Linux: CVE-2014-1490: Mozilla Products: Multiple vulnerabilities
- ELSA-2014-1246 Moderate: Oracle Linux nss and nspr security, bug fix, and enhancement update
- Sun Patch: NSS_NSPR_JSS 3.35_x86: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
- FreeBSD: mozilla -- multiple vulnerabilities (Multiple CVEs)
- Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
- DSA-2858-1 iceweasel -- several vulnerabilities
- Sun Patch: NSS_NSPR_JSS 3.35 Solaris_x86: NSPR 4.18 / NSS 3.35 / JSS 4.3.2 Ma
- USN-2119-1: Thunderbird vulnerabilities
- ELSA-2014-0917 Critical: Oracle Linux nss and nspr security, bug fix, and enhancement update
- MFSA2014-12 Firefox: NSS ticket handling issues (CVE-2014-1490)