1
PublicDateAtUSN: 2014-07-22
2
Candidate: CVE-2014-1544
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
6
https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
7
https://usn.ubuntu.com/usn/usn-2295-1
8
https://usn.ubuntu.com/usn/usn-2296-1
9
https://usn.ubuntu.com/usn/usn-2343-1
11
Use-after-free vulnerability in the CERT_DestroyCertificate function in
12
libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in
13
Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before
14
24.7, allows remote attackers to execute arbitrary code via vectors that
15
trigger certain improper removal of an NSSCertificate structure from a
20
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
22
Discovered-by: Tyson Smith and Jesse Schwartzentruber
26
upstream_firefox: released (31.0)
27
lucid_firefox: ignored (reached end-of-life)
28
precise_firefox: released (31.0+build1-0ubuntu0.12.04.1)
29
trusty_firefox: released (31.0+build1-0ubuntu0.14.04.1)
30
devel_firefox: released (31.0~b9+build1-0ubuntu1)
33
Priority_thunderbird: low
34
upstream_thunderbird: released (31.0)
35
lucid_thunderbird: ignored (reached end-of-life)
36
precise_thunderbird: released (1:31.0+build1-0ubuntu0.12.04.1)
37
trusty_thunderbird: released (1:31.0+build1-0ubuntu0.14.04.1)
38
devel_thunderbird: released (1:31.0+build1-0ubuntu2)
41
upstream: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
42
upstream: https://hg.mozilla.org/projects/nss/rev/872dd4d243ac
43
upstream_nss: released (3.16.2)
44
lucid_nss: released (3.15.4-0ubuntu0.10.04.3)
45
precise_nss: released (3.15.4-0ubuntu0.12.04.3)
46
trusty_nss: released (2:3.15.4-1ubuntu7.1)
47
devel_nss: not-affected (2:3.16.3-1ubuntu1)