1
PublicDateAtUSN: 2014-03-25
2
Candidate: CVE-2014-1492
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
6
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
7
https://usn.ubuntu.com/usn/usn-2159-1
8
http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
9
https://usn.ubuntu.com/usn/usn-2185-1
11
The cert_TestHostName function in lib/certdb/certdb.c in the
12
certificate-checking implementation in Mozilla Network Security Services
13
(NSS) before 3.16 accepts a wildcard character that is embedded in an
14
internationalized domain name's U-label, which might allow
15
man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
18
jdstrand> Thunderbird 24.5 has nss 3.15.4
20
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
21
https://bugzilla.redhat.com/show_bug.cgi?id=1079851
24
Assigned-to: chrisccoulson
27
upstream_firefox: released (29.0)
28
lucid_firefox: ignored (reached end-of-life)
29
precise_firefox: released (29.0+build1-0ubuntu0.12.04.2)
30
quantal_firefox: released (29.0+build1-0ubuntu0.12.10.3)
31
saucy_firefox: released (29.0+build1-0ubuntu0.13.10.3)
32
trusty_firefox: released (29.0+build1-0ubuntu0.14.04.2)
33
devel_firefox: not-affected (29.0+build1-0ubuntu0.14.04.2)
36
Priority_thunderbird: low
37
upstream_thunderbird: needs-triage
38
lucid_thunderbird: ignored (reached end-of-life)
39
precise_thunderbird: not-affected
40
quantal_thunderbird: ignored (reached end-of-life)
41
saucy_thunderbird: ignored (reached end-of-life)
42
trusty_thunderbird: not-affected
43
devel_thunderbird: not-affected
45
Patches_chromium-browser:
46
upstream_chromium-browser: needs-triage
47
lucid_chromium-browser: not-affected (uses system nss)
48
precise_chromium-browser: not-affected (uses system nss)
49
quantal_chromium-browser: not-affected (uses system nss)
50
saucy_chromium-browser: not-affected (uses system nss)
51
trusty_chromium-browser: not-affected (uses system nss)
52
devel_chromium-browser: not-affected (uses system nss)
55
upstream_oxide-qt: needs-triage
60
trusty_oxide-qt: not-affected (uses system nss)
61
devel_oxide-qt: not-affected (uses system nss)
64
upstream: https://hg.mozilla.org/projects/nss/rev/15ea62260c21
65
upstream: https://hg.mozilla.org/projects/nss/rev/2ffa40a3ff55
66
upstream: https://hg.mozilla.org/projects/nss/rev/709d4e597979
67
upstream_nss: released (3.16)
68
lucid_nss: released (3.15.4-0ubuntu0.10.04.2)
69
precise_nss: released (3.15.4-0ubuntu0.12.04.2)
70
quantal_nss: released (3.15.4-0ubuntu0.12.10.2)
71
saucy_nss: released (2:3.15.4-0ubuntu0.13.10.2)
72
trusty_nss: released (2:3.15.4-1ubuntu7)
73
devel_nss: released (2:3.15.4-1ubuntu7)