mozilla-nss: update to avoid signature forgery (critical)

ID OPENSUSE-SU-2014:1232-1
Type suse
Reporter Suse
Modified 2014-09-28T12:07:03


Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.