CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Published: Feb 6, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1490
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
mozilla / network_security_services	-	3.15.4
mozilla / seamonkey	-	2.24
mozilla / firefox	-	27.0
mozilla / firefox_esr	-	24.3
mozilla / thunderbird	-	24.3.0
oracle / enterprise_manager_ops_center	12.2.1	12.2.1.x
oracle / enterprise_manager_ops_center	12.3.0	12.3.0.x
oracle / enterprise_manager_ops_center	12.2.0	12.2.0.x
oracle / vm_server	3.2	3.2.x
oracle / enterprise_manager_ops_center	-	12.1.4
fedoraproject / fedora	20	20.x
fedoraproject / fedora	19	19.x
suse / linux_enterprise_desktop	11-sp3	11-sp3.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
opensuse / opensuse	12.3	12.3.x
suse / linux_enterprise_software_development_kit	11-sp3	11-sp3.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	13.1	13.1.x
debian / debian_linux	7.0	7.0.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x

Vulnerability Database

289,599

CVE-2014-1490