Design/Logic Flaw

2014-07-2311:12:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.106 Low

EPSS

Percentile

94.9%

JSON

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

CPENameOperatorVersion
firefoxle30.0
firefox_esreq24.5
firefox_esreq24.2
firefox_esreq24.0
firefox_esreq24.0.2
firefox_esreq24.1.0
firefox_esreq24.4
firefox_esreq24.3
firefox_esreq24.0.1
firefox_esreq24.6

Name	Operator	Version
firefox	le	30.0
firefox_esr	eq	24.5
firefox_esr	eq	24.2
firefox_esr	eq	24.0
firefox_esr	eq	24.0.2
firefox_esr	eq	24.1.0
firefox_esr	eq	24.4
firefox_esr	eq	24.3
firefox_esr	eq	24.0.1
firefox_esr	eq	24.6