Unrated severityNVD Advisory· Published Mar 25, 2014· Updated May 6, 2026
CVE-2014-1492
CVE-2014-1492
Description
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Affected products
50cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*+ 49 more
- cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*range: <=3.15.5
- cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
27- hg.mozilla.org/projects/nss/rev/709d4e597979nvdExploitPatch
- kb.juniper.net/InfoCenter/indexnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-05/msg00010.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-05/msg00033.htmlnvd
- seclists.org/fulldisclosure/2014/Dec/23nvd
- secunia.com/advisories/59866nvd
- secunia.com/advisories/60621nvd
- secunia.com/advisories/60794nvd
- www.debian.org/security/2014/dsa-2994nvd
- www.mozilla.org/security/announce/2014/mfsa2014-45.htmlnvd
- www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlnvd
- www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlnvd
- www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlnvd
- www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlnvd
- www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvd
- www.securityfocus.com/archive/1/534161/100/0/threadednvd
- www.securityfocus.com/bid/66356nvd
- www.ubuntu.com/usn/USN-2159-1nvd
- www.ubuntu.com/usn/USN-2185-1nvd
- www.vmware.com/security/advisories/VMSA-2014-0012.htmlnvd
- bugzilla.mozilla.org/show_bug.cginvd
- bugzilla.redhat.com/show_bug.cginvd
- developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notesnvd
- security.gentoo.org/glsa/201504-01nvd
News mentions
0No linked articles in our index yet.