Lucene search
UbuntuUSN-2360-2HistorySep 24, 2014 - 12:00 a.m.
Thunderbird vulnerabilities
2014-09-2400:00:00
ubuntu.com
34
6.8 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
92.3%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- thunderbird - Mozilla Open Source mail and newsgroup client
Details
USN-2360-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Thunderbird.
Original advisory details:
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | thunderbird | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-dbg | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-dev | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-globalmenu | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-gnome-support | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-gnome-support-dbg | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-locale-af | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-locale-ar | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-locale-ast | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | thunderbird-locale-be | < 1:31.1.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
References
Related
nessus
nessus
Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)
2014-09-29 00:00:00
Mandriva Linux Security Advisory : nss (MDVSA-2014:189)
2014-09-26 00:00:00
Debian DSA-3034-1 : iceweasel - security update
2014-09-26 00:00:00
suse
suse
NSS update to avoid signature forgery (critical)
2014-09-28 12:04:18
Security update for mozilla-nss (important)
2014-10-01 17:04:53
Security update for mozilla-nss (important)
2014-09-27 00:04:18
prion
prion
Design/Logic Flaw
2014-09-25 17:55:00
Design/Logic Flaw
2018-09-26 21:29:00
Code injection
2018-11-07 20:29:00
osv
osv
nss - security update
2014-09-25 00:00:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
mozilla
mozilla
RSA Signature Forgery in NSS — Mozilla
2014-09-24 00:00:00
cert
cert
debian
debian
[SECURITY] [DSA 3033-1] nss security update
2014-09-25 00:23:40
[SECURITY] [DSA 3037-1] icedove security update
2014-09-26 19:31:43
[SECURITY] [DSA 3034-1] iceweasel security update
2014-09-25 06:25:14
openvas
openvas
Mozilla Firefox ESR RSA Spoof Vulnerability (Sep 2014) - Windows
2014-09-29 00:00:00
CentOS Update for nss CESA-2014:1307 centos7
2014-10-01 00:00:00
Seamonkey RSA Spoof Vulnerability (Sep 2014) - Mac OS X
2014-09-30 00:00:00
centos
centos
nss security update
2014-09-26 11:29:24
fedora
fedora
[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21
2014-09-29 04:00:07
[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21
2014-09-29 04:00:07
[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21
2014-09-29 04:00:06
archlinux
archlinux
NSS: Signature forgery attack
2014-09-24 00:00:00
veracode
veracode
Spoofable RSA Signatures
2019-01-15 09:01:59
redhat
redhat
(RHSA-2014:1307) Important: nss security update
2014-09-26 00:00:00
(RHSA-2014:1371) Important: nss security update
2014-10-10 00:00:00
(RHSA-2014:1354) Critical: rhev-hypervisor6 security update
2014-10-02 00:00:00
mageia
mageia
Updated nss packages fix CVE-2014-1568
2014-09-26 19:55:04
amazon
amazon
Important: nss
2014-10-01 16:32:00
Important: nss-softokn
2014-10-01 16:32:00
Important: nss-util
2014-10-01 16:32:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-09-24 00:00:00
NSS vulnerability
2014-09-24 00:00:00
cve
cve
freebsd
freebsd
chromium -- RSA signature malleability in NSS
2014-09-24 00:00:00
NSS -- RSA Signature Forgery
2014-09-23 00:00:00
oraclelinux
oraclelinux
nss security update
2014-09-26 00:00:00
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
chrome
chrome
Stable Channel Update
2014-09-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)
2014-10-19 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
CVE-2014-1568
2014-09-24 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:00
ibm
ibm
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-04-17 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-01-25 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
6.8 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
92.3%
Related for USN-2360-2