FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

NSS -- RSA Signature Forgery

Affected packages
linux-firefox < 32.0.3,1
linux-thunderbird < 31.1.2
linux-seamonkey < 2.29.1
nss < 3.17.1
linux-c6-nss < 3.16.1

Details

VuXML ID 48108fb0-751c-4cbb-8f33-09239ead4b55
Discovery 2014-09-23
Entry 2014-09-25

The Mozilla Project reports:

Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.

References

CVE Name CVE-2014-1568
URL https://www.mozilla.org/security/announce/2014/mfsa2014-73.html