151 matches found
The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability exists in Mozilla's NSS (Network Security Services) library as used by Mozilla Firefox, due to incorrect processing of ASN.1 values in X.509 certificates. Exploiting this vulnerability allows malicious actors to replace RSA signatures with specially crafted certificates. This...
The vulnerability of the Firefox browser, which allows a malicious actor to compromise the availability of protected information
The vulnerability in Mozilla Firefox allows malicious actors operating remotely to cause a denial of service (certificate processing failure) using a specially crafted certificate. In this case, the UTF-8 character encoding is not used in the relevant context...
The vulnerability of the Firefox browser, which allows a malicious attacker to compromise the availability of protected information
The vulnerability in Mozilla Firefox allows malicious actors operating remotely to cause a denial of service (certificate processing failure) by using a specially crafted certificate that does not utilize UTF-8 character encoding in the appropriate context...
The vulnerability of Thunderbird software, which allows a malicious attacker to compromise the availability of protected information
The vulnerability in Mozilla Firefox and Thunderbird allows malicious actors, operating remotely, to trigger a denial of service (certificate processing failure) using a specially crafted certificate. In this case, the UTF-8 character encoding is not utilized in the relevant context...
USN-2979-1 linux vulnerabilities
David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose...
USN-2976-1 linux-lts-utopic vulnerability
Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...
kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system...
The vulnerability of the iOS operating system, which allows attackers to carry out “man-in-the-middle” attacks
The vulnerability of the WebKit component of the iOS operating system is related to errors in cryptographic transformations. Exploiting this vulnerability allows a remote attacker to perform “man-in-the-middle” attacks due to errors in SSL certificate processing...
Cisco ASA Certificate Processing Denial of Service (CSCuh19462)
Cisco Adaptive Security Appliance (ASA) Software versions for symmetric multi-processor (SMP) platforms contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the device to crash. The vulnerability is due to the SSL/TLS certificate handling code. An attacker could...
Code injection
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462...
CVE-2005-3731
Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."...