CVE-2014-1560

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.

Published: Jul 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1560
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	-	24.7.x
mozilla / thunderbird	24.0.1	24.0.1.x
mozilla / thunderbird	24.2	24.2.x
mozilla / firefox	-	30.0.x
mozilla / thunderbird	24.5	24.5.x
mozilla / thunderbird	24.1	24.1.x
mozilla / thunderbird	24.1.1	24.1.1.x
mozilla / thunderbird	24.4	24.4.x
mozilla / thunderbird	24.3	24.3.x
mozilla / thunderbird	24.0	24.0.x
mozilla / thunderbird	24.6	24.6.x

http://secunia.com/advisories/60628
http://www.mozilla.org/security/announce/2014/mfsa2014-65.html
http://www.securitytracker.com/id/1030619
http://www.securitytracker.com/id/1030620
https://bugzilla.mozilla.org/show_bug.cgi?id=997795
https://security.gentoo.org/glsa/201504-01

Vulnerability Database

CVE-2014-1560

Deep Security Visibility Without the Complexity