VYPR
Unrated severityNVD Advisory· Published Mar 25, 2014· Updated Jun 17, 2026

CVE-2014-1492

CVE-2014-1492

Description

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

54
  • cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*+ 50 more
    • cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*range: <=3.15.5
    • cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
    • (no CPE)range: <3.16
  • osv-coords3 versions
    < 128.5.1-1.1+ 2 more
    • (no CPE)range: < 128.5.1-1.1
    • (no CPE)range: < 50.1.0-1.1
    • (no CPE)range: < 3.26.2-1.1

Patches

Vulnerability mechanics

References

27

News mentions

0

No linked articles in our index yet.