Lucene search

[email protected]CVE-2014-1498

HistoryMar 19, 2014 - 10:55 a.m.

CVE-2014-1498

2014-03-1910:55:06

CWE-347

[email protected]

web.nvd.nist.gov

cve-2014-1498

mozilla firefox

seamonkey

crypto.generatecrmfrequest

denial of service

key validation

elliptic curve

ec-dual-use algorithm

8.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Affected configurations

NVD

Node

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

Node

oraclesolarisMatch11.3

Node

opensuseopensuseMatch13.1

opensuse_projectopensuseMatch11.4

opensuse_projectopensuseMatch12.3

Node

mozillaseamonkeyRange<2.25

Node

mozillafirefoxRange<28.0

CPENameOperatorVersion
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq11

CPE	Name	Operator	Version
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	11